Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Proxmox pve-http-server 代码问题漏洞
Vulnerability Description
pve-http-server是Proxmox开源的一个虚拟化环境库。 Proxmox pve-http-server 存在安全漏洞,该漏洞源于在pve(pmg)proxy和pve(pmg)daemon之间代理HTTP请求时,存在SSRF漏洞,拥有非特权帐户的攻击者可以制作HTTP请求以实现服务器上任何文件的SSRF和文件泄露。
CVSS Information
N/A
Vulnerability Type
N/A