CVE-2023-47315

HIGH

Headwind MDM 5.22.1 - Incorrect Access Control via Hard-coded JWT Secret

Title source: llm
STIX 2.1

Description

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://boltonshield.com/en/cve/cve-2023-47315/

Scores

CVSS v3 8.8
EPSS 0.0078
EPSS Percentile 51.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
h-mdm/headwind_mdm 5.22.1
Published Nov 22, 2023
Tracked Since Feb 18, 2026