x/vulndb: potential Go vuln in github.com/actiontech/sqle: GHSA-43h9-hc38-qph5 #4269

@GoVulnBot

Advisory GHSA-43h9-hc38-qph5 references a vulnerability in the following Go modules:

Module
github.com/actiontech/sqle

Description:
A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key.

The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming relea...

References:

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/actiontech/sqle
      vulnerable_at: 1.2210.0
summary: SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle
cves:
    - CVE-2025-15107
ghsas:
    - GHSA-43h9-hc38-qph5
references:
    - advisory: https://github.com/advisories/GHSA-43h9-hc38-qph5
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-15107
    - report: https://github.com/actiontech/sqle/issues/3186
    - web: https://github.com/actiontech/sqle/blob/4714f83f33e0d7aa647036eb756e928aa4174014/sqle/utils/jwt.go#L9
    - web: https://github.com/actiontech/sqle/milestone/53
    - web: https://vuldb.com/?ctiid.338478
    - web: https://vuldb.com/?id.338478
    - web: https://vuldb.com/?submit.710380
source:
    id: GHSA-43h9-hc38-qph5
    created: 2025-12-29T21:01:18.001474819Z
review_status: UNREVIEWED
