Sqle
Monthly
Actiontech SQLE up to version 4.2511.0 uses a hard-coded cryptographic key in its JWT Secret Handler (sqle/utils/jwt.go), allowing remote attackers with no authentication or user interaction to gain limited information disclosure. The vulnerability results from improper handling of the JWTSecretKey argument, though exploitation is rated as difficult due to high attack complexity. Publicly available exploit code exists, and the vendor has committed to addressing this in an upcoming release.
Actiontech SQLE up to version 4.2511.0 uses a hard-coded cryptographic key in its JWT Secret Handler (sqle/utils/jwt.go), allowing remote attackers with no authentication or user interaction to gain limited information disclosure. The vulnerability results from improper handling of the JWTSecretKey argument, though exploitation is rated as difficult due to high attack complexity. Publicly available exploit code exists, and the vendor has committed to addressing this in an upcoming release.