Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Panindex uses hard coded cyptographic key
Vulnerability Description
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
PanIndex 信任管理问题漏洞
Vulnerability Description
PanIndex是网盘目录索引。 PanIndex 3.1.3之前版本存在安全漏洞。攻击者利用该漏洞使用硬编码的JWT密钥对JWT令牌进行签名,并以具有管理员权限的用户身份执行任何操作。
CVSS Information
N/A
Vulnerability Type
N/A