Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zapier 安全漏洞
Vulnerability Description
Zapier是美国Zapier公司的一种产品。允许最终用户集成他们使用的 We b应用程序并使工作流程自动化。 Zapier 2022-08-17年之前版本存在安全漏洞,该漏洞源于编写的代码允许账户内权限升级。攻击者利用该漏洞执行Python或JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A