Vulnerability Details CVE-2023-47315
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-47315
-
cpe:2.3:a:h-mdm:headwind_mdm:5.22.1