Further research determined the issue is not a vulnerability.
History

Tue, 30 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Title dsa-hub-server: Clear-Text Storage of Sensitive Data
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Description DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba. Further research determined the issue is not a vulnerability.

Wed, 11 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Toxicbishop dsa Study Hub
CPEs cpe:2.3:a:toxicbishop:dsa_study_hub:*:*:*:*:*:node.js:*:*
Vendors & Products Toxicbishop dsa Study Hub

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Toxicbishop
Toxicbishop dsa-with-tsx
Vendors & Products Toxicbishop
Toxicbishop dsa-with-tsx

Sat, 07 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.
Title dsa-hub-server: Clear-Text Storage of Sensitive Data
Weaknesses CWE-311
CWE-522
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: REJECTED

Assigner: GitHub_M

Published: 2026-03-07T16:06:51.072Z

Updated: 2026-06-30T18:36:40.195Z

Reserved: 2026-03-02T21:43:19.927Z

Link: CVE-2026-28678

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Analyzed

Published: 2026-03-07T16:15:54.010

Modified: 2026-06-17T10:28:53.570

Link: CVE-2026-28678

cve-icon Redhat

No data.