漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
The contour service was not checking that users had permission to create an analysis for a given dataset
Vulnerability Description
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
直接请求(强制性浏览)
Vulnerability Title
Contour 安全漏洞
Vulnerability Description
Contour是一款使用Envoy代理的Kubernetes入口控制器。 Contour 9.642.0之前版本存在安全漏洞,该漏洞源于不会检查用户是否有权为给定数据集创建分析。攻击者利用该漏洞通过无关的分析来弄乱Compass文件夹。
CVSS Information
N/A
Vulnerability Type
N/A