Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pleasant Password Server 安全漏洞
Vulnerability Description
Pleasant Password Server是加拿大Pleasant Solutions公司的一款多用户密码管理器。 Pleasant Password Server 7.8.3之前版本中存在安全漏洞,该漏洞源于程序没有进行权限检测。攻击者可借助相应的‘CredentialId’值利用该漏洞列出、上传或删除附件。
CVSS Information
N/A
Vulnerability Type
N/A