Vulnerability Information
Vulnerability Title
Improper write access check in Requarks/wiki
Vulnerability Description
Wiki.js is a wiki app built on Node.js. In affected versions, an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly checks the path access against the user-provided values instead of the actual path associated with the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path differs from the current value, a second access control check is then performed on the user-provided path before the move operation.
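The flawed check and the corrected two-step check described above, as an added JavaScript example that is not Wiki.js source code and not part of the original advisory. The page store, `canWrite`, `updatePageFlawed`, `updatePageFixed`, and the sample user and paths are all constructed for illustration.

```javascript
// Constructed model of the access-control flaw; not Wiki.js code. All names are hypothetical.
function makeStore() {
  return new Map([
    [1, { path: 'team-a/notes', content: 'team notes' }],
    [2, { path: 'admin/policy', content: 'restricted' }],
  ]);
}

// Constructed sample user: write access only below the team-a/ prefix.
const user = { name: 'alice', writePrefixes: ['team-a/'] };

function canWrite(u, path) {
  return u.writePrefixes.some((prefix) => path.startsWith(prefix));
}

// Flawed: authorizes the path sent in the request, then updates whatever page the ID resolves to.
function updatePageFlawed(store, u, req) {
  if (!canWrite(u, req.path)) return { ok: false, reason: 'denied' };
  const page = store.get(req.id);
  if (!page) return { ok: false, reason: 'not found' };
  page.content = req.content;
  return { ok: true };
}

// Corrected: authorize the stored path of the page ID first, then the requested path if it differs (a move).
function updatePageFixed(store, u, req) {
  const page = store.get(req.id);
  if (!page) return { ok: false, reason: 'not found' };
  if (!canWrite(u, page.path)) return { ok: false, reason: 'denied: source' };
  if (req.path !== page.path) {
    if (!canWrite(u, req.path)) return { ok: false, reason: 'denied: destination' };
    page.path = req.path;
  }
  page.content = req.content;
  return { ok: true };
}

// Request naming an allowed path but the ID of a page outside it (constructed).
const mismatched = { id: 2, path: 'team-a/notes', content: 'changed' };
console.log('flawed:', updatePageFlawed(makeStore(), user, mismatched));
console.log('fixed: ', updatePageFixed(makeStore(), user, mismatched));
```

A regression test for this class of bug should send a request whose ID and path disagree and assert that the stored page is unchanged.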
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
Wiki.js security vulnerability
Vulnerability Description
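Wiki.js is an open-source wiki application from the Requarks.io team, built on Node.js and written in JavaScript. Wiki.js contains a security vulnerability that stems from the application's lack of permission control and management. In affected versions, an authenticated user with write access to a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path unchanged. The access control incorrectly checks path access against the user-provided values rather than the actual path associated with the page ID.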
CVSS Information
N/A
Vulnerability Type
N/A