CVE-2023-48396

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/30/1", "name": "http://www.openwall.com/lists/oss-security/2024/07/30/1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/30/1", "name": "http://www.openwall.com/lists/oss-security/2024/07/30/1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw", "name": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw", "tags": ["Mailing List", "Vendor Advisory"], "refsource": ""}, {"url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw", "name": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw", "tags": ["Mailing List", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-48396", "ASSIGNER": "security@apache.org"}}, "impact": {}, "publishedDate": "2024-07-30T09:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-10T18:49Z"}