Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core
Vulnerability Description
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Feedbacksystem 安全漏洞
Vulnerability Description
Feedbacksystem是Institute for Information Sciences开源的一个应用程序。使用人工智能为学生提供智能、个性化的反馈。 Feedbacksystem 1.5.3之前版本存在安全漏洞,该漏洞源于授权不足漏洞。
CVSS Information
N/A
Vulnerability Type
N/A