CVE-2022-32430: Hardcoded JWT Token in Lin CMS Spring Boot

July 22, 2022 (updated August 17, 2023)

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.

References

github.com/TaleLin/lin-cms-spring-boot/blob/3fc25bd8c10c73db2e7230809b322127eac554e3/src/main/resources/application.yml
github.com/advisories/GHSA-q72p-4w56-hx7h
nvd.nist.gov/vuln/detail/CVE-2022-32430
web.archive.org/web/20220721190946/https://www.mesec.cn/archives/277

Code Behaviors & Features

Detect and mitigate CVE-2022-32430 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →