Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect TLS certificate validation can lead to escalated privileges
Vulnerability Description
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Vulnerability Type
N/A
Vulnerability Title
Internet Systems Consortium Stork 安全漏洞
Vulnerability Description
Internet Systems Consortium Stork(ISC Stork)是Internet Systems Consortium组织的一个开源图形化管理。用于监控、故障排除和维护 Kea DHCP 服务器的配置。 Internet Systems Consortium Stork 0.15.0至1.15.0版本存在安全漏洞,该漏洞源于TLS证书验证代码存在缺陷,攻击者可以连接到Stork代理,向受监控的服务发送恶意命令,导致机密数据丢失或受到拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A