CVE-2021-40494: AdaptiveScale LXDUI Hardcoded JWT Secret Key
A Hardcoded JWT Secret Key in __metadata__.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
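The following is an added example, not LXDUI's code or its fix: it contrasts the hardcoded-secret pattern the advisory describes with a per-install random secret. The secret value, file names, claim and function names are constructed for illustration, and the HS256 helper is a minimal standard-library implementation.

```python
import base64, hashlib, hmac, json, os, secrets, tempfile

# Weak pattern: one value shipped in source, identical on every install.
HARDCODED_SECRET = "constructed-placeholder-secret"  # constructed, not LXDUI's value

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(secret: str, signing_input: str) -> str:
    return _b64(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())

def sign_hs256(claims: dict, secret: str) -> str:
    """Minimal HS256 JWT signer (demonstration only)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_mac(secret, header + '.' + payload)}"

def verify_hs256(token: str, secret: str) -> bool:
    """Recompute the HMAC and compare in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    expected = _mac(secret, parts[0] + "." + parts[1])
    return hmac.compare_digest(expected.encode(), parts[2].encode())

def load_or_create_secret(path: str) -> str:
    """Hardened pattern: random secret created once per install, mode 0600."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path) as f:
            return f.read().strip()
    secret = secrets.token_hex(32)
    with os.fdopen(fd, "w") as f:
        f.write(secret)
    return secret

def demo() -> dict:
    """Simulate installs A and B: is a token issued on A accepted on B?"""
    with tempfile.TemporaryDirectory() as d:
        a = load_or_create_secret(os.path.join(d, "a.key"))
        b = load_or_create_secret(os.path.join(d, "b.key"))
        a_restart = load_or_create_secret(os.path.join(d, "a.key"))
    claims = {"sub": "admin"}
    shared = sign_hs256(claims, HARDCODED_SECRET)
    return {"hardcoded_cross_install": verify_hs256(shared, HARDCODED_SECRET),
            "random_cross_install": verify_hs256(sign_hs256(claims, a), b),
            "random_after_restart": verify_hs256(sign_hs256(claims, a), a_restart)}

if __name__ == "__main__":
    print(demo())
```

With a shared source-level secret, a token valid on one install is valid on all of them; with per-install secrets it is only valid where it was issued, and it survives a restart because the secret is persisted.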
References
- github.com/AdaptiveScale/lxdui
- github.com/AdaptiveScale/lxdui/commit/e4bffeb9d69a5700a642cb6424453d1894e50d84
- github.com/AdaptiveScale/lxdui/pull/353
- github.com/advisories/GHSA-p4xh-4869-8vrg
- github.com/pypa/advisory-database/tree/main/vulns/lxdui/PYSEC-2021-342.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-40494