From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Title: Dragonfly2 vulnerable to hard coded cryptographic key
   - Severity: Critical
   - Publisher: gaius-qi
   - Published: 2 days ago
   - Package Name: github.com/dragonflyoss/Dragonfly2 (Go)
   - Affected Versions: <= 2.0.8
   - Fixed Versions: None

2. Vulnerability Details:
   - Summary: Dragonfly uses JWT for user authentication, but the JWT "Secret Key" is hardcoded, leading to authentication bypass.
   - Code Example:

3. PoC:
   - Generate JWT token using the following code:

4. Impact:
   - Attackers can perform any operation as a user with administrative privileges.

5. CVSS v3 Base Metrics:
   - Attack Vector: Network
   - Attack Complexity: Low
   - Privileges Required: None
   - User Interaction: None
   - Scope: Unchanged
   - Confidentiality: High
   - Integrity: High
   - Availability: High

6. CWE ID: CWE-321

7. Reporter: cokeBeer

This information provides a detailed description of the vulnerability's nature, impact, and remediation suggestions, helping developers understand and fix the issue.
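
The summary above says the JWT secret is hardcoded, which means the same key verifies tokens on every installation. The following Go example is added here and is not Dragonfly2's code or the advisory's PoC: it shows that a token signed with a compiled-in key is accepted by any build that ships that key, and a startup check that fails closed unless a per-deployment key is supplied. `shippedKey`, the `JWT_SIGNING_KEY` variable and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"os"
	"strings"
)

const shippedKey = "constructed-hardcoded-key" // constructed stand-in for a key compiled into every build
var b64 = base64.RawURLEncoding

// seal appends the HS256 signature (HMAC-SHA256, base64url) to "header.payload".
func seal(key []byte, in string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(in))
	return in + "." + b64.EncodeToString(h.Sum(nil))
}

// signHS256 builds a compact HS256 token for the given JSON claims.
func signHS256(key []byte, claims string) string {
	return seal(key, b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))+"."+b64.EncodeToString([]byte(claims)))
}

// verifyHS256 checks the signature only, in constant time (expiry and claim checks omitted).
func verifyHS256(key []byte, token string) bool {
	i := strings.LastIndex(token, ".")
	return i >= 0 && hmac.Equal([]byte(token), []byte(seal(key, token[:i])))
}

// checkSigningKey rejects the shipped default and any key under 32 bytes.
func checkSigningKey(k string) ([]byte, error) {
	if k == shippedKey || len(k) < 32 {
		return nil, fmt.Errorf("signing key is the shipped default or under 32 bytes")
	}
	return []byte(k), nil
}

func main() {
	tok := signHS256([]byte(shippedKey), `{"sub":"constructed"}`)
	fmt.Println("build with shipped key accepts:", verifyHS256([]byte(shippedKey), tok))
	key, err := checkSigningKey(os.Getenv("JWT_SIGNING_KEY")) // assumed variable name
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Println("per-deployment key accepts:", verifyHS256(key, tok))
}
```

Run without `JWT_SIGNING_KEY` set, the program exits with "refusing to start", which is the intended fail-closed behaviour.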