## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. ## Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument API_KEY results in use of hard-coded cryptographic key . The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is d…
GHSA-644f-hrff-mf96: Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
A vulnerability in NocoBase versions up to 1.9.4/2.0.0-alpha.37 allows remote authentication bypass due to a hard-coded JWT secret.