Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
opsre go-ldap-admin JWT docker-compose.yaml hard-coded key
Vulnerability Description
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Go Ldap Admin 安全漏洞
Vulnerability Description
Go Ldap Admin是中国opsre组织的一个基于Go+Vue实现的openLDAP后台管理项目。 Go Ldap Admin 20251011及之前版本存在安全漏洞,该漏洞源于docs/docker-compose/docker-compose.yaml文件中JWT Handler组件使用硬编码加密密钥,可能导致安全风险。
CVSS Information
N/A
Vulnerability Type
N/A