Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Vulnerability Description
Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
将系统数据暴露到未授权控制的范围
Vulnerability Title
Fides 安全漏洞
Vulnerability Description
Fides是一个开源隐私工程平台,用于管理运行时环境中数据隐私请求的实现以及代码中隐私法规的执行。 Fides 2.39.2rc0之前版本存在安全漏洞,该漏洞源于 Fides Privacy Center 允许未认证的攻击者通过 HTTP GET 请求访问环境变量 SERVER_SIDE_FIDES_API_URL 的值。
CVSS Information
N/A
Vulnerability Type
N/A