Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Auto-merging Person Records Compromised
Vulnerability Description
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one's server by overriding the `create` data source method on the `People` class.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
认证算法的不正确实现
Vulnerability Title
Apollos Apps 授权问题漏洞
Vulnerability Description
Apollos Apps是一个开源平台,用于发布与教会相关的应用程序。 Apollos Apps 存在授权问题漏洞,该漏洞源于新的用户注册只需要知道任何人的基本个人信息(姓名、生日、性别等)就可以访问任何人的账户。
CVSS Information
N/A
Vulnerability Type
N/A