CVE-2023-27584

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.0.9

Description The issue concerns Dragonfly, an open-source P2P-based file distribution and image acceleration system. It uses JWT to verify users, but the secret key for JWT is hardcoded, leading to authentication bypass. An attacker can perform any action as a user with admin privileges.

Recommendations For versions prior to 2.0.9, upgrade to version 2.0.9 to fix the issue. As a temporary workaround, consider restricting access to sensitive features or functions that rely on the hardcoded JWT secret key until the upgrade is applied.