CVE-2023-27583

Use of Hard-coded Credentials in go/github.com/px-org/PanIndex

Identifiers

CVE-2023-27583, GHSA-82wq-gmw8-g87v

Package Slug

go/github.com/px-org/PanIndex

Vulnerability

Use of Hard-coded Credentials

Description

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.

Affected Versions

All versions before 3.1.3

Solution

Upgrade to version 3.1.3 or above.

Last Modified

2023-03-20

source