Vulnerability Information
Vulnerability Title
Frappe File Permissions can be bypassed using certain endpoints
Vulnerability Description
Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Incorrect Authorization
Vulnerability Title
Frappe Security Vulnerability
Vulnerability Description
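Frappe Technologies Frappe is a web development framework from the Indian company Frappe Technologies, based on Python and MariaDB, with an integrated front end. Frappe versions prior to 14.66.3 and prior to 15.16.0 contain a security vulnerability that stems from allowing attackers to bypass file permissions using certain endpoints, granting less privileged users permission to delete or clone files.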
CVSS Information
N/A
Vulnerability Type
N/A