Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture
Vulnerability Description
pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Github pcapture 代码问题漏洞
Vulnerability Description
Github pcapture是该项目使用 Quarkus,即超音速亚原子 Java 框架。 pcapture 存在代码问题漏洞,该漏洞允许经过身份验证但没有特权的用户使用REST API捕获和下载数据包,而不需要捕获过滤器和足够的权限。
CVSS Information
N/A
Vulnerability Type
N/A