Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tiny Tiny RSS 安全漏洞
Vulnerability Description
Tiny Tiny RSStt-rss,tt-rss是一个基于开源的基于浏览器的新闻源阅读器和聚合器。 Tiny Tiny RSS before 2021-03-12 存在安全漏洞,该漏洞允许攻击者在没有有效密码的情况下通过OTP代码登录。
CVSS Information
N/A
Vulnerability Type
N/A