CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

PT-2023-20479 · European Chemicals Agency · Iuclid

Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID versions 5.15.0 through 6.27.5 Description: The issue allows authentication bypass due to a weak hard-coded secret used for JWT signing. Recommendations: For versions 5.15.0 through 6.27.5, update to version...