First published: Mon Mar 13 2023
PanIndex is a network disk directory index. In PanIndex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign a JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Panindex Project Panindex | <3.1.3 |
CVE-2023-27583 is a vulnerability in PanIndex prior to version 3.1.3 that allows an attacker to perform actions as a user with admin privileges.
CVE-2023-27583 has a severity rating of critical with a score of 9.8.
PanIndex versions up to and excluding 3.1.3 are affected by CVE-2023-27583.
To fix CVE-2023-27583, update to version 3.1.3 of PanIndex. Alternatively, apply the patch available in version 3.1.3 or, as a workaround, change the JWT key in the source code before compiling the project.
You can find more information about CVE-2023-27583 in the following references: [Reference 1](https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302), [Reference 2](https://github.com/px-org/PanIndex/releases/tag/v3.1.3), [Reference 3](https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v).
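One way to avoid the hard-coded key described above, shown in Go as an added example that is not PanIndex's code or the v3.1.3 patch: resolve a per-installation signing key at startup, refuse the `PanIndex` constant, and verify HS256 signatures against that key. The names `ResolveJWTKey` and `VerifyHS256`, the `configured` setting and the 32-byte minimum are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var knownDefaultKeys = map[string]bool{"PanIndex": true} // constant named in the advisory
const minKeyLen = 32                                     // assumption: at least 256 bits for HS256
var ErrWeakKey = errors.New("JWT key is a known default or shorter than 32 bytes")

// ResolveJWTKey returns this installation's signing key. configured is a hypothetical
// operator setting; if empty, a random key is generated (generated=true: persist it).
func ResolveJWTKey(configured string) (key []byte, generated bool, err error) {
	if configured == "" {
		key = make([]byte, minKeyLen)
		if _, err = rand.Read(key); err != nil {
			return nil, false, err
		}
		return key, true, nil
	}
	if knownDefaultKeys[configured] || len(configured) < minKeyLen {
		return nil, false, ErrWeakKey
	}
	return []byte(configured), false, nil
}

// VerifyHS256 checks only the token's HMAC-SHA256 signature against key; the
// header "alg" and claims such as "exp" must still be validated by the caller.
func VerifyHS256(token string, key []byte) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	m := hmac.New(sha256.New, key)
	m.Write([]byte(parts[0] + "." + parts[1]))
	return err == nil && hmac.Equal(sig, m.Sum(nil))
}

func main() {
	_, _, err := ResolveJWTKey("PanIndex")
	fmt.Println("advisory's default key rejected:", errors.Is(err, ErrWeakKey))
}
```

Because the key differs per installation, tokens issued under any previous key stop verifying once it is replaced, so existing sessions must log in again.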