CVE-2022-42983

Name of the Vulnerable Software and Affected Versions anji-plus AJ-Report version 0.9.8.6

Description The issue allows remote attackers to bypass login authentication by spoofing JWT Tokens. This can be exploited by attackers to gain unauthorized access to the system.

Recommendations For anji-plus AJ-Report version 0.9.8.6, consider disabling the use of JWT Tokens for login authentication until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the token variable in authentication processes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.