Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret
Vulnerability Description
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Ever Gauzy Platform 数据伪造问题漏洞
Vulnerability Description
Ever Gauzy Platform是Ever开源的一个开放式业务管理平台。 Ever Gauzy Platform v0.281.9版本存在数据伪造问题漏洞,该漏洞源于JWT认证实现不当,可能导致未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A