CVE-2023-27583
First published: Mon Mar 13 2023(Updated: )
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Panindex Project Panindex | <3.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-27583?
CVE-2023-27583 is a vulnerability in PanIndex prior to version 3.1.3 that allows an attacker to perform actions as a user with admin privileges.
How severe is CVE-2023-27583?
CVE-2023-27583 has a severity rating of critical with a score of 9.8.
What is the affected software version?
PanIndex versions up to and excluding 3.1.3 are affected by CVE-2023-27583.
How can I fix CVE-2023-27583?
To fix CVE-2023-27583, update to version 3.1.3 of PanIndex. Alternatively, apply the patch available in version 3.1.3 or use appropriate workarounds.
Where can I find more information about CVE-2023-27583?
You can find more information about CVE-2023-27583 in the following references: [Reference 1](https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302), [Reference 2](https://github.com/px-org/PanIndex/releases/tag/v3.1.3), [Reference 3](https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v).
- collector/nvd-index
- vendor/panindex project
- product/panindex
- canonical/panindex project panindex