{"id":"CVE-2022-35540","details":"Hardcoded JWT Secret in AgileConfig \u003c1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.","aliases":["GHSA-mj5w-w588-j6xg"],"modified":"2026-04-10T04:49:41.123338Z","published":"2022-08-18T23:15:08.293Z","references":[{"type":"REPORT","url":"https://github.com/dotnetcore/AgileConfig/issues/91"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotnetcore/agileconfig","events":[{"introduced":"0"},{"fixed":"e46fa2d1534ef8c710f9fd31de85c924e7993e39"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.8"}]}}],"versions":["0.0.1","1.0.0","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.7.1","1.1.7.2","p1.2.0","preview-1.2.0","preview-1.2.0.1","preview-1.2.0.2","preview-1.2.0.3","preview-1.3.0","preview-1.3.1","preview-1.6.0","preview-1.6.1","realease-1.3.8.1","release-1.1.9","release-1.2.0.3","release-1.2.0.4","release-1.2.1","release-1.2.1.1","release-1.2.3","release-1.2.3.1","release-1.2.3.2","release-1.2.3.3","release-1.2.4","release-1.3.1","release-1.3.2","release-1.3.4","release-1.3.5","release-1.3.6","release-1.3.7","release-1.3.8.2","release-1.3.8.3","release-1.3.8.4","release-1.4.0","release-1.4.3","release-1.5.0","release-1.5.1","release-1.5.1.1","release-1.5.1.2","release-1.5.1.3","v-1.5.4","v-1.5.6","v-1.5.7.2","v-1.5.7.3","v-1.5.7.4","v-1.5.7.8","v-1.6.0","v-1.6.1","v-1.6.2","v-1.6.3","v-1.6.3.1","v-1.6.3.2","v-1.6.3.3","v-1.6.4","v-1.6.5","v-1.6.6","v-1.6.7","v-1.6.7.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35540.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}