Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT secret. The secret is hard-coded in the source code, which is available to anyone on GitHub. This secret is used to sign the application's JWT tokens and to verify incoming user-supplied tokens.
References
| Link | Resource |
|---|---|
| https://boltonshield.com/en/cve/cve-2023-47315/ | Exploit, Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-22T00:00:00
Updated: 2023-11-30T21:09:03.491496
Reserved: 2023-11-06T00:00:00
Link: CVE-2023-47315
NVD Information
Status: Modified
Published: 2023-11-22T17:15:22.377
Modified: 2023-11-30T21:15:08.740
Link: CVE-2023-47315
CWE