Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Communities and collections administrators can escalate their privilege up to system administrator
Vulnerability Description
DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
DuraSpace 安全漏洞
Vulnerability Description
Dspace是DuraSpace社区的一个开源的交钥匙存储库应用程序。 DuraSpace DSpace 7.0版本存在安全漏洞,任何社区或馆藏管理员都可以将其权限提升为系统管理员。
CVSS Information
N/A
Vulnerability Type
N/A