漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insecure Default Authorization in Temporal Server
Vulnerability Description
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
Temporal Server 安全漏洞
Vulnerability Description
Temporal Server是Temporal公司的一个微服务编排平台。 Temporal Server 存在安全漏洞,该漏洞源于默认设置不安全。
CVSS Information
N/A
Vulnerability Type
N/A