Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-30T08:15:33.731Z

Updated: 2024-08-02T21:30:34.963Z

Reserved: 2023-11-16T06:55:43.177Z

Link: CVE-2023-48396

cve-icon Vulnrichment

Updated: 2024-08-02T21:30:34.963Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-30T09:15:02.540

Modified: 2024-11-21T08:31:37.970

Link: CVE-2023-48396

cve-icon Redhat

No data.