Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Go-Tribe gotribe token.go Sign hard-coded credentials
Vulnerability Description
A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
gotribe 信任管理问题漏洞
Vulnerability Description
gotribe是gotribe开源的一个 Go + Vue 开发的小型 cms 解决方案。 gotribe存在信任管理问题漏洞,该漏洞源于对参数config.key的操作会导致硬编码凭据。
CVSS Information
N/A
Vulnerability Type
N/A