Vulnerability Information
Vulnerability Title
Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem
Vulnerability Description
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or on systems that are only reachable from the host running the Engelsystem software. If such services are necessary, they should utilize additional authentication.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Engelsystem Code Issue Vulnerability
Vulnerability Description
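Engelsystem is an open-source shift planning system from Engelsystem. Engelsystem contains a code issue vulnerability, which stems from a server-side request forgery (SSRF) vulnerability in the Import schedule feature.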
CVSS Information
N/A
Vulnerability Type
N/A