Impact
In Panindex version < v3.1.3, a hard coded JWT key "PanIndex" is used. Attacker can use hardcoded JWT key to sign JWT token, and perform any actions as a user with admin privileges.
Patches
The problem has been patched. Please upgrade to v3.1.3 or above.
Workarounds
Change JWT key in source code before you compile the project.
Impact
In Panindex version < v3.1.3, a hard coded JWT key "PanIndex" is used. Attacker can use hardcoded JWT key to sign JWT token, and perform any actions as a user with admin privileges.
Patches
The problem has been patched. Please upgrade to v3.1.3 or above.
Workarounds
Change JWT key in source code before you compile the project.