Vulnerability Information
Vulnerability Title
Insertion of Sensitive Information into Log in codeigniter4/shield
Vulnerability Description
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions, successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table, they can obtain a raw token, which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts in the configuration files.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
Information Exposure Through Log Files
Vulnerability Title
CodeIgniter Shield Log Information Disclosure Vulnerability
Vulnerability Description
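CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4, from CodeIgniter. CodeIgniter Shield versions before 1.0.0-beta.8 have a log information disclosure vulnerability, which stems from information being disclosed through logs.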
CVSS Information
N/A
Vulnerability Type
N/A