Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TrueFiling authorization bypass via user-controlled keys
Vulnerability Description
TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在安全决策中依赖未经信任的输入
Vulnerability Title
TrueFiling 安全漏洞
Vulnerability Description
TrueFiling是TrueFiling公司的一个基于 Web 的电子归档系统。 TrueFiling 3.1.112.19之前版本存在安全漏洞,该漏洞源于允许用户获得对案件信息的部分访问权限,以及更改用户对案件信息的访问权限的能力。
CVSS Information
N/A
Vulnerability Type
N/A