Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Done-0 Jank JWT Token jwt_utils.go hard-coded password
Vulnerability Description
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
使用硬编码的口令
Vulnerability Title
Jank 安全漏洞
Vulnerability Description
Jank是Fender个人开发者的一个轻量级的博客系统。 Jank存在安全漏洞,该漏洞源于文件internal/utils/jwt_utils.go中参数accessSecret/refreshSecret使用硬编码密码。
CVSS Information
N/A
Vulnerability Type
N/A