漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Nexkey allows users to bypass authentication of Bull dashboard
Vulnerability Description
Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Nexkey 授权问题漏洞
Vulnerability Description
Nexkey是nexryai个人开发者的一个开源、去中心化的社交媒体平台。 Nexkey 12.121.9之前版本存在授权问题漏洞,该漏洞源于允许攻击者绕过身份验证来访问作业队列仪表盘。
CVSS Information
N/A
Vulnerability Type
N/A