CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35)

Inserito da Angelo Barbosa | Lug 5, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password.

The identification of this vulnerability is CVE-2025-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35)

Post correlati

CVE-2024-1809 | Analytify Plugin up to 5.2.3 on WordPress authorization

CVE-2024-9043 | Cellopoint Secure Email Gateway up to 4.5.0 Packets stack-based overflow

CVE-2024-13275 | Drupal Security Kit up to 2.0.2 type confusion

CVE-2024-33538 | Fastline Media Assistant Plugin up to 1.4.9.1 on WordPress information disclosure