CVE-2023-26089

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
02/05/2023
Last modified:
30/01/2025

Description

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:echa.europa:iuclid:*:*:*:*:*:*:*:* 5.15.0 (including) 6.27.6 (excluding)