CNNVD-202512-397 Information

CNNVD ID

CNNVD-202512-397

Related CVE

CVE-2025-13948

• CNNVD Published: 2025-12-03

Description (Chinese)

Go Ldap Admin是中国opsre组织的一个基于Go+Vue实现的openLDAP后台管理项目。 Go Ldap Admin 20251011及之前版本存在安全漏洞，该漏洞源于docs/docker-compose/docker-compose.yaml文件中JWT Handler组件使用硬编码加密密钥，可能导致安全风险。

Description (English)

Go Ldap Admin is an openLDAP back-office management project based on Go+Vue, a Chinese opsre organization. There is a security loophole in Go Ldap Admin 20251011 and earlier versions, which stems from the use of hard-coded encryption keys for the JWT Handler component in Docs/docker-compose/docker-compose.yaml.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

opsre

Published

2025-12-03

Last Modified

2026-02-24

References

https://vuldb.com/?submit.692213 https://vuldb.com/?id.334163 https://vuldb.com/?ctiid.334163 https://gist.github.com/H2u8s/a51ac1fe38d62746d1425b70ff49420c https://access.redhat.com/security/cve/cve-2025-13948