CVE-2025-7079

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-7079

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7079.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7079

Published

2025-07-06T13:15:35.413Z

Modified

2025-11-20T12:38:50.616401Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/mao888/bluebell-plus

Affected ranges

Type: GIT
Repo: https://github.com/mao888/bluebell-plus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

74a40e50cca0c12dab9f6c4affb91f55ba53a658

Affected versions

v.*

v.2.3.0

v2.*

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.1.0

v2.1.1

v2.1.2

v2.1.5

v2.1.6

v2.1.7

v2.2.0