PT-2023-20479 · European Chemicals Agency · Iuclid
Published: 2023-05-02 · Updated: 2025-01-30 · CVE-2023-26089
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
European Chemicals Agency IUCLID versions 5.15.0 through 6.27.5
Description
The issue allows authentication bypass due to a weak hard-coded secret used for JWT signing.
Recommendations
For versions 5.15.0 through 6.27.5, update to version 6.27.6 or later to resolve the issue.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Iuclid