Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

2023-11-0300:30:26

Google

osv.dev

dromara lamp-cloud

cryptographic key

vulnerability

json web token

authentication

attackers

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.5%

JSON

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.

CPENameOperatorVersion
top.tangyh.basic:lamp-coreeq3.4.0
top.tangyh.basic:lamp-coreeq3.5.5
top.tangyh.basic:lamp-utileq3.4.0
top.tangyh.basic:lamp-coreeq3.6.0
top.tangyh.basic:lamp-utileq3.6.0
top.tangyh.basic:lamp-coreeq3.7.0
top.tangyh.basic:lamp-coreeq3.5.0
top.tangyh.basic:lamp-coreeq3.5.1
top.tangyh.basic:lamp-utileq3.5.1
top.tangyh.basic:lamp-utileq3.7.0

Name	Operator	Version
top.tangyh.basic:lamp-core	eq	3.4.0
top.tangyh.basic:lamp-core	eq	3.5.5
top.tangyh.basic:lamp-util	eq	3.4.0
top.tangyh.basic:lamp-core	eq	3.6.0
top.tangyh.basic:lamp-util	eq	3.6.0
top.tangyh.basic:lamp-core	eq	3.7.0
top.tangyh.basic:lamp-core	eq	3.5.0
top.tangyh.basic:lamp-core	eq	3.5.1
top.tangyh.basic:lamp-util	eq	3.5.1
top.tangyh.basic:lamp-util	eq	3.7.0