Описание
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
EPSS
Процентиль: 27%
0.00095
Низкий
8.1 High
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 8.1
github
8 месяцев назад
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
EPSS
Процентиль: 27%
0.00095
Низкий
8.1 High
CVSS3
Дефекты
CWE-798