PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
{
"cwe_ids": [
"CWE-321"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/27xxx/CVE-2023-27583.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:panindex_project:panindex:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}