CNNVD-202602-546 Information

CNNVD ID

CNNVD-202602-546

CVE-2026-25538

  • CNNVD Published: 2026-02-04

Description

Devtron is an open-source Kubernetes cloud-native tool integration platform from Devtron. Devtron 2.0.0 and earlier versions contain a security vulnerability caused by improper access control on the Attributes API endpoint, which may allow the global API token signing key to be obtained and JWT tokens to be forged.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Devtron

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/devtron-labs/devtron/commit/d2b0d260d858ab1354b73a8f50f7f078ca62706f

https://github.com/devtron-labs/devtron/security/advisories/GHSA-8wpc-j9q9-j5m2

Patch

https://devtron.ai/
