Description
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.
References
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 6.14 (inclusive)
cpe:2.3:a:creativeitem:academy_lms:*:*:*:*:*:*:*:*
EPSS: 0.00154 (Low), percentile: 36%
CVSS3: 9.4 Critical
Weaknesses
CWE-798
Related vulnerabilities
CVSS3: 9.4
github
4 months ago
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.