A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password.

This vulnerability is traded as CVE-2025-7080. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.