{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:59:27.592","vulnerabilities":[{"cve":{"id":"CVE-2023-48396","sourceIdentifier":"security@apache.org","published":"2024-07-30T09:15:02.540","lastModified":"2025-07-10T18:49:05.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."},{"lang":"es","value":" Vulnerabilidad de autenticación web en Apache SeaTunnel. Dado que la clave jwt está codificada en la aplicación, un atacante puede falsificar cualquier token para iniciar sesión en cualquier usuario. El atacante puede obtener la clave secreta en /seatunnel-server/seatunnel-app/src/main/resources/application.yml y luego crear un token. Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versión 1.0.1, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2275FCE7-D9F5-4541-8193-85423472BC64"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/07/30/1","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/30/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}