PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
References
Configurations
History
07 Nov 2023, 04:10
Type | Values Removed | Values Added |
---|---|---|
Summary | PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project. |
17 Mar 2023, 17:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/px-org/PanIndex/releases/tag/v3.1.3 - Release Notes | |
References | (MISC) https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302 - Patch | |
References | (MISC) https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v - Vendor Advisory | |
CPE | cpe:2.3:a:panindex_project:panindex:*:*:*:*:*:*:*:* | |
CWE | CWE-798 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Panindex Project
Panindex Project panindex |
13 Mar 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-13 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-27583
Mitre link : CVE-2023-27583
CVE.ORG link : CVE-2023-27583
JSON object : View
Products Affected
panindex_project
- panindex