exploitDog

GHSA-836x-3v5w-54f3

Опубликовано: 08 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

Ссылки

EPSS

Процентиль: 25%

0.00086

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-331

Связанные уязвимости

CVE-2025-14261

CVSS3: 7.1

nvd

2 месяца назад

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

EPSS

Процентиль: 25%

0.00086

Низкий

7.1 High

CVSS3

CVE ID

Дефекты

CWE-331