ГлавнаяУязвимости → CVE-2023-53951
9.8критическая

CVE-2023-53951

Описание

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/ever-co/ever-gauzyhttps://www.exploit-db.com/exploits/51354https://www.vulncheck.com/advisories/ever-gauzy-jwt-authentication-weakness-via-hmac-secret