Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/31xxx/CVE-2023-31579.json",
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:tangyh:lamp-cloud:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "v3.8.1"
},
{
"fixed": "3.8.1"
}
],
"source": [
"DESCRIPTION",
"CPE_RANGE"
]
}