Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Configuration leak
Vulnerability Description
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特殊命令到另一不同平面时的净化处理不恰当(特殊命令注入)
Vulnerability Title
Cachet 安全漏洞
Vulnerability Description
Github Cachet是一个应用软件。一个开源状态页面系统。 Github Cachet 存在安全漏洞,该漏洞源于 Cachet 在 2.5.1 版本之前,经过身份验证的用户,无论其权限如何(用户或管理员),都可能泄露 dotenv 文件的任何配置条目的值。
CVSS Information
N/A
Vulnerability Type
N/A