CNNVD-202511-364 Information
Nov 05, 2025
cve
CNNVD ID
CNNVD-202511-364
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
HCL DevOps Loop是印度HCL公司的一套代码开发平台。 HCL DevOps Loop存在安全漏洞,该漏洞源于API身份验证中间件未正确验证令牌过期时间和加密签名,可能导致使用过期或篡改令牌获取未授权访问并执行特权操作。
Description (English)
HCL DevOps Loop is a code development platform for HCL India. There is a security loophole in HCL DevOps Loop, which stems from the incorrect authentication of the expiry time and encrypted signature of the API authentication intermediate, which may lead to the use of expired or altered tokens to obtain unauthorized access and perform privileged operations.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
HCL
Published
2025-11-05
Last Modified
2026-02-24
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124203
Patch
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124203
Share on: