CVE-2025-7080

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Configurations

No configuration.

History

08 Jul 2025, 16:18

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad clasificada como problemática en Done-0 Jank hasta 322caebbad10568460364b9667aa62c3080bfc17. La vulnerabilidad afecta a una función desconocida del archivo internal/utils/jwt_utils.go del componente JWT Token Handler. La manipulación del argumento accessSecret/refreshSecret con la entrada jank-blog-secret/jank-blog-refresh-secret conlleva el uso de una contraseña predefinida. Es posible ejecutar el ataque en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Este producto utiliza un sistema de entrega continua con versiones continuas. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las versiones actualizadas.

06 Jul 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-06 14:15

Updated : 2025-07-08 16:18


NVD link : CVE-2025-7080

Mitre link : CVE-2025-7080

CVE.ORG link : CVE-2025-7080


JSON object : View

Products Affected

No product.

CWE
CWE-255

Credentials Management Errors

CWE-259

Use of Hard-coded Password