VYPR

Hippo4j

by Opengoofy

Source repositories

CVEs (4)

  • CVE-2025-51606HigAug 21, 2025
    risk 0.57cvss 8.8epss 0.00

    hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as "admin". The vulnerability…

  • CVE-2023-27096Mar 27, 2023
    risk 0.00cvss epss 0.01

    Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.

  • CVE-2023-27094Mar 23, 2023
    risk 0.00cvss epss 0.01

    An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.

  • CVE-2023-27095Mar 16, 2023
    risk 0.00cvss epss 0.01

    Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.