Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xNzJwLTR3NTYtaHg3aM4AAtkq
Hardcoded JWT Token in Lin CMS Spring Boot
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
Permalink: https://github.com/advisories/GHSA-q72p-4w56-hx7h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNzJwLTR3NTYtaHg3aM4AAtkq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.01858
EPSS Percentile: 0.88624
Identifiers: GHSA-q72p-4w56-hx7h, CVE-2022-32430
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-32430
- https://github.com/TaleLin/lin-cms-spring-boot/blob/3fc25bd8c10c73db2e7230809b322127eac554e3/src/main/resources/application.yml#L43
- https://web.archive.org/web/20220721190946/https://www.mesec.cn/archives/277
- https://github.com/advisories/GHSA-q72p-4w56-hx7h
Blast Radius: 3.6
Affected Packages
maven:io.github.talelin:lin-cms-core
Dependent packages: 1
Dependent repositories: 3
Downloads:
Affected Version Ranges: <= 0.2.1
No known fixed version
All affected versions: