Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
effectindex/tripreporter vulnerable to improper password verification on POST `/api/v1/account/login`
Vulnerability Description
`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
tripreporter 授权问题漏洞
Vulnerability Description
tripreporter是一个社区驱动的通用平台,用于提交和分析旅行报告。 effectindex tripreporter bd80ba833b9023d39ca22e29874296c8729dd53b 之前版本存在授权问题漏洞,该漏洞源于允许密码符合密码要求的任何用户以任何用户身份登录。
CVSS Information
N/A
Vulnerability Type
N/A