Vulnerability Information
Vulnerability Title
Insufficiently Protected ChatBot Credentials in tgstation-server
Vulnerability Description
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
Insufficiently Protected Credentials
Vulnerability Title
tgstation-server Security Vulnerability
Vulnerability Description
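tgstation-server is a toolset for managing production BYOND servers. tgstation-server versions from 4.7.0 up to but not including 5.12.1 contain a security vulnerability that stems from unauthorized reading of chat bot connection strings.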
CVSS Information
N/A
Vulnerability Type
N/A