Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Privilege Management in Patrowl
Vulnerability Description
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
PatrOwl 安全漏洞
Vulnerability Description
PatrOwl是一种用于编排安全操作的可扩展、免费和开源解决方案。 PatrOwl 存在安全漏洞,该漏洞源于 PatrowlManager 中不正确的权限管理 (IDOR)。
CVSS Information
N/A
Vulnerability Type
N/A