Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF in Auth0 ad-ldap-connector
Vulnerability Description
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
ad-ldap-connector 跨站请求伪造漏洞
Vulnerability Description
ad-ldap-connector是个人开发者的一个用于AD和Auth服务的连接器。 ad-ldap-connector 管理面板 5.0.13之前版本存在跨站请求伪造漏洞,攻击者可利用该漏洞可能导致远程代码执行或机密数据丢失。如果用户在可以通过浏览器访问ad-ldap-connector管理控制台的同一台机器上访问包含CSRF有效负载的恶意页面,就可能发生CSRF攻击。
CVSS Information
N/A
Vulnerability Type
N/A