7 matches found
CVE-2025-13877
A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...
EUVD-2025-200266
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments...
GHSA-644F-HRFF-MF96 Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...
CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key
A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...
CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key
A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...
nocobase 安全漏洞
Nocobase is a low-code platform open-sourced by NocoBase. A security vulnerability exists in nocobase version 1.9.4 and 2.0.0-alpha.37, which stems from the use of a hard-coded key for the parameter APIKEY in the file nocobasepackagescoreauthsrcasejwt-service.ts...
PT-2025-48710
Name of the Vulnerable Software and Affected Versions nocobase versions 1.9.4 and 2.0.0-alpha.37 Description A security issue exists in nocobase that allows for remote attacks with high complexity and difficult exploitability. The issue involves the manipulation of the API KEY argument within an...