Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authentication in PrivateUploader
Vulnerability Description
PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the request to continue processing. The response would be a 403 with ADMIN_ONLY, however, next() would call leading to any updates/changes in the route to process. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
PrivateUploader 授权问题漏洞
Vulnerability Description
PrivateUploader是终极开源图像上传器和文件存储解决方案。 PrivateUploader 3.2.49之前版本存在授权问题漏洞,该漏洞源于未正确验证用户是管理员(高级别)还是主持人(低级别),导致请求继续处理。
CVSS Information
N/A
Vulnerability Type
N/A