Vulnerability Information
Vulnerability Title
Mass Assignment via Onboarding Endpoint Allows Unauthenticated JWT_SECRET Overwrite
Vulnerability Description
Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass assignment. The global NestJS ValidationPipe is configured without whitelist: true, so extra properties on the request body that are not declared in SaveOnboardingConfigRequest are not stripped; the service layer iterates over them as if they were legitimate InfraConfig entries. Because keys such as JWT_SECRET and SESSION_SECRET are valid InfraConfigEnum values and are not explicitly rejected during validation, an unauthenticated attacker who can reach a fresh instance before onboarding completes (or when no users exist) can overwrite these values in the database. Overwriting JWT_SECRET gives the attacker control of the JWT signing key, allowing them to forge tokens for any user, including administrators, and results in full server compromise. The issue is fixed in hoppscotch 2026.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
CWE-915
Vulnerability Title
Hoppscotch Input Validation Error Vulnerability
Vulnerability Description
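Hoppscotch is an open-source API development ecosystem from the Hoppscotch organization. Hoppscotch 2026.4.1 and earlier contain an input validation error vulnerability. It stems from a mass assignment issue in the POST /v1/onboarding/config endpoint, which may allow an unauthenticated attacker to overwrite values such as JWT_SECRET and SESSION_SECRET before initial setup completes, thereby gaining control of the JWT signing key, forging tokens for any user, and ultimately fully compromising the server.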
CVSS Information
N/A
Vulnerability Type
N/A
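
The allowlisting that the description says was missing, as an added dependency-free TypeScript example (not Hoppscotch's code). In NestJS the equivalent is ValidationPipe with whitelist: true (strip undeclared properties) or forbidNonWhitelisted: true (reject them). DECLARED_FIELDS, the function names and the sample body are hypothetical or constructed; only the key names JWT_SECRET and SESSION_SECRET come from the advisory.

```typescript
// Added example, not Hoppscotch code. Everything except the key names
// JWT_SECRET and SESSION_SECRET (taken from the advisory) is hypothetical.
type Body = Record<string, unknown>;

// Hypothetical stand-in for the properties declared on the onboarding DTO.
const DECLARED_FIELDS: ReadonlySet<string> = new Set(["EXAMPLE_SETTING_A", "EXAMPLE_SETTING_B"]);

// Server-managed secrets: never settable from a request body, even if a
// later change adds them to the declared fields by mistake.
const SERVER_ONLY_KEYS: ReadonlySet<string> = new Set(["JWT_SECRET", "SESSION_SECRET"]);

// Constructed sample body: one declared field plus one undeclared secret key.
const SAMPLE_BODY: Body = { EXAMPLE_SETTING_A: "on", JWT_SECRET: "constructed-value" };

interface Filtered {
  accepted: Body;
  rejected: string[];
}

// Behaviour without an allowlist: every property reaches the service layer.
function passThrough(body: Body): Filtered {
  return { accepted: { ...body }, rejected: [] };
}

// Allowlist: keep declared, non-secret properties and report the rest.
function allowlist(body: Body): Filtered {
  const accepted: Body = Object.create(null); // no inherited keys
  const rejected: string[] = [];
  for (const key of Object.keys(body)) {
    if (DECLARED_FIELDS.has(key) && !SERVER_ONLY_KEYS.has(key)) {
      accepted[key] = body[key];
    } else {
      rejected.push(key);
    }
  }
  return { accepted, rejected };
}

// Keys the service may persist. strict=true rejects the whole request when
// anything undeclared is present; strict=false silently strips it.
function keysToPersist(body: Body, strict: boolean): string[] {
  const { accepted, rejected } = allowlist(body);
  if (strict && rejected.length > 0) {
    throw new Error(`unexpected properties: ${rejected.join(", ")}`);
  }
  return Object.keys(accepted);
}
```

Rejecting the request (strict mode) also leaves a clear signal in application logs when a client sends secret keys to an onboarding endpoint.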