漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Panindex uses hard coded cyptographic key
Vulnerability Description
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
PanIndex 信任管理问题漏洞
Vulnerability Description
PanIndex是网盘目录索引。 PanIndex 3.1.3之前版本存在安全漏洞。攻击者利用该漏洞使用硬编码的JWT密钥对JWT令牌进行签名,并以具有管理员权限的用户身份执行任何操作。
CVSS Information
N/A
Vulnerability Type
N/A