Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
didi KnowSearch 1 credentials storage
Vulnerability Description
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
明文存储口令
Vulnerability Title
DiDi KnowSearch 安全漏洞
Vulnerability Description
DiDi KnowSearch是中国滴滴(DiDi)公司的一个面向 Elasticsearch 研发与运维人员,围绕集群、索引构建的零侵入、多租户的 Elasticsearch GUI 管控平台。 didi KnowSearch 0.3.2、0.3.1.2版本存在安全漏洞,该漏洞源于/api/es/admin/v3/security/user/1 中存在某些未知处理,导致存储凭证不受保护。
CVSS Information
N/A
Vulnerability Type
N/A