漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
didi KnowSearch 1 credentials storage
Vulnerability Description
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
明文存储口令
Vulnerability Title
DiDi KnowSearch 安全漏洞
Vulnerability Description
DiDi KnowSearch是中国滴滴(DiDi)公司的一个面向 Elasticsearch 研发与运维人员,围绕集群、索引构建的零侵入、多租户的 Elasticsearch GUI 管控平台。 didi KnowSearch 0.3.2、0.3.1.2版本存在安全漏洞,该漏洞源于/api/es/admin/v3/security/user/1 中存在某些未知处理,导致存储凭证不受保护。
CVSS Information
N/A
Vulnerability Type
N/A