漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Siren Investigate 代码问题漏洞
Vulnerability Description
Siren Investigate是爱尔兰Siren公司的Siren 平台的前端,允许创建仪表板、图表、链接分析、警报等。 Siren Investigate 11.1.1之前版本存在代码问题漏洞,攻击者可利用该漏洞在映像代理路由的参数中指定任意URL,并作为主机上的Investigate进程获取外部URL。
CVSS Information
N/A
Vulnerability Type
N/A