Kubevela · Kubevela · CVE-2022-36089
**Name of the Vulnerable Software and Affected Versions**
KubeVela versions prior to 1.4.11 and 1.5.4
**Description**
KubeVela is an application delivery platform. Affected versions contain an authentication bypass: the VelaUX APIServer uses the `PlatformID` as the signing key for the JWT tokens it issues to users, and the `getSystemInfo` API exposes that same `platformID`. Anyone who can read it can therefore re-generate valid JWT tokens and bypass authentication.
**Recommendations**
For versions prior to 1.4.11, update to version 1.4.11 or later.
For versions prior to 1.5.4, update to version 1.5.4 or later.
As a temporary workaround, consider restricting access to the `getSystemInfo` API to minimize the risk of exploitation.
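To confirm whether a running VelaUX instance still signs session tokens with the exposed value, the following self-check (an added example, not KubeVela's own code) verifies a token from your own login session against the `platformID` that `getSystemInfo` returns. It assumes the tokens are HS256 JWTs and that you supply both values yourself; it only verifies an existing signature and never issues tokens.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// signedWithKey reports whether an HS256 JWT verifies under key (assumed algorithm).
// It only checks an existing token's signature; it never mints or modifies tokens.
func signedWithKey(token string, key []byte) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	var header struct{ Alg string `json:"alg"` }
	rawHeader, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(rawHeader, &header) != nil || header.Alg != "HS256" {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	return hmac.Equal(sig, mac.Sum(nil))
}

// tokenUsesPlatformID is the self-check: true means a token from your own session
// validates under the platformID from getSystemInfo, so the exposed value is the key.
func tokenUsesPlatformID(token, platformID string) bool {
	return signedWithKey(token, []byte(platformID))
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: check <jwt-from-your-session> <platformID-from-getSystemInfo>")
		os.Exit(2)
	}
	if tokenUsesPlatformID(os.Args[1], os.Args[2]) {
		fmt.Println("VULNERABLE: token is signed with the exposed platformID; upgrade to 1.4.11 or 1.5.4")
		return
	}
	fmt.Println("token does not verify under platformID")
}
```

A "VULNERABLE" result means the upgrade has not taken effect and the `getSystemInfo` workaround above is the only interim control.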