Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
Eigen NLP 安全漏洞
Vulnerability Description
Eigen NLP是一套自然语言处理系统。 Eigen NLP 3.10.1 中存在安全漏洞,该漏洞源于/auth/v1/user/{user-guid}/ 用户版端点缺乏访问控制。该漏洞可能允许任何登录用户通过 PATCH 请求中的 user_permissions 数组增加他们自己的权限. 来宾用户可以修改其他用户的配置文件等等。
CVSS Information
N/A
Vulnerability Type
N/A