Vulnerability Information
Vulnerability Title
Any logged in user could edit any other logged in user.
Vulnerability Description
a12n-server is an npm package which aims to provide a simple authentication system. Version 0.18.0 added a new HAL-Form to allow editing users. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked, allowing any logged-in user to make this change. Patched in v0.18.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Privilege Management
Vulnerability Title
npm a12n-server security vulnerability
Vulnerability Description
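npm a12n-server is an application from the US company npm. It provides a simple authentication system. a12n-server contains a security vulnerability that allows any logged-in user to make changes.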
CVSS Information
N/A
Vulnerability Type
N/A