CNNVD-202507-591 Information

CNNVD ID

CNNVD-202507-591

Related CVE

CVE-2025-7079

• CNNVD Published: 2025-07-06

Description (Chinese)

bluebell-plus是ChaoHu个人开发者的一个博客论坛web项目。 bluebell-plus 2.3.0及之前版本存在安全漏洞，该漏洞源于文件bluebell_backend/pkg/jwt/jwt.go中参数mySecret使用硬编码密码。

Description (English)

Bluebell-plus is a blog forum web project for ChaoHu personal developers. There is a security loophole in the bluebell-plus 2.3.0 and previous versions, which stems from the use of a hard-coded code code in the parameter in file bluebell backend/pkg/jwt/jwt.go.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-07-06

Last Modified

2026-02-24

References

https://github.com/mao888/bluebell-plus/issues/35 https://vuldb.com/?submit.603726 https://vuldb.com/?ctiid.314993 https://vuldb.com/?id.314993 https://access.redhat.com/security/cve/cve-2025-7079