org.apache.submarine:submarine-commons-utils is vulnerable to Improper Authentication. The vulnerability is caused by a hard-coded JSON Web Token (JWT) key (SUBMARINE_SECRET_12345678901234567890) within SubmarineConfVars.java, which allows attackers to generate unauthorized JWT tokens, bypass authentication, and potentially gain access to sensitive data and functionality.
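The check below is an added example, not code from the Apache Submarine project: it tells a defender whether a token issued by their own deployment still verifies under the default key quoted above, which means the secret was never overridden and must be rotated. It assumes the token is an HMAC-signed JWT (HS256, HS384 or HS512); the function names and the sample tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Default key as quoted in the advisory text above.
KNOWN_DEFAULT_KEY = b"SUBMARINE_SECRET_12345678901234567890"
# Assumption: the deployment signs with an HMAC-family JWT algorithm.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hmac_signature(signing_input: str, alg: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), HMAC_ALGS[alg]).digest()

def signed_with_key(token: str, key: bytes = KNOWN_DEFAULT_KEY) -> bool:
    """True if `token` is an HMAC-signed JWT whose signature verifies under `key`."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        given = b64url_decode(parts[2])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in HMAC_ALGS:
        return False  # unsigned or asymmetric token: this check does not apply
    expected = hmac_signature(parts[0] + "." + parts[1], alg, key)
    return hmac.compare_digest(expected, given)

def sample_token(key: bytes, alg: str = "HS256") -> str:
    """Constructed sample standing in for a token captured from your own server."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps({"sub": "constructed-sample"}).encode())
    return f"{head}.{body}.{b64url_encode(hmac_signature(head + '.' + body, alg, key))}"

if __name__ == "__main__":
    # Both keys below produce constructed tokens; replace with one from your deployment.
    for label, key in (("default key", KNOWN_DEFAULT_KEY),
                       ("rotated key", b"constructed-random-secret")):
        hit = signed_with_key(sample_token(key))
        print(f"{label}: {'VULNERABLE, rotate the secret' if hit else 'ok'}")
```
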
CPE | Name | Operator | Version |
---|---|---|---|
submarine: commons utils | le | 0.8.0 | |
www.openwall.com/lists/oss-security/2024/06/12/2
github.com/advisories/GHSA-jwcg-wv5x-vg3g
github.com/apache/submarine/commit/7a1d551798c6785fc68fe028fc46f74c3ee6976d
github.com/apache/submarine/pull/1125
issues.apache.org/jira/browse/SUBMARINE-1417
lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4