CVE-2023-53951

Sažetak

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

Reference

https://github.com/ever-co/ever-gauzy
https://www.exploit-db.com/exploits/51354
https://www.vulncheck.com/advisories/ever-gauzy-jwt-authentication-weakness-via-hmac-secret

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

23-12-2025 - 14:52

Objavljeno

19-12-2025 - 21:15