Vulnerability Details CVE-2023-31579
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2023-31579
-
cpe:2.3:a:tangyh:lamp-cloud:1.0
-
cpe:2.3:a:tangyh:lamp-cloud:2.0
-
cpe:2.3:a:tangyh:lamp-cloud:2.1
-
cpe:2.3:a:tangyh:lamp-cloud:2.2
-
cpe:2.3:a:tangyh:lamp-cloud:2.3
-
cpe:2.3:a:tangyh:lamp-cloud:2.4.0
-
cpe:2.3:a:tangyh:lamp-cloud:2.5.0
-
cpe:2.3:a:tangyh:lamp-cloud:2.5.2
-
cpe:2.3:a:tangyh:lamp-cloud:2.6.0
-
cpe:2.3:a:tangyh:lamp-cloud:2.7.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.0.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.0.1
-
cpe:2.3:a:tangyh:lamp-cloud:3.0.2
-
cpe:2.3:a:tangyh:lamp-cloud:3.1.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.1.2
-
cpe:2.3:a:tangyh:lamp-cloud:3.2.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.2.1
-
cpe:2.3:a:tangyh:lamp-cloud:3.2.2
-
cpe:2.3:a:tangyh:lamp-cloud:3.2.4
-
cpe:2.3:a:tangyh:lamp-cloud:3.3.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.4.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.1
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.2
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.3
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.4
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.5
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.7
-
cpe:2.3:a:tangyh:lamp-cloud:3.5.8
-
cpe:2.3:a:tangyh:lamp-cloud:3.6.0
-
cpe:2.3:a:tangyh:lamp-cloud:3.6.2
-
cpe:2.3:a:tangyh:lamp-cloud:3.7.0