漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GHSL-2024-034: memos CORS Misconfiguration in server.go
Vulnerability Description
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Memos 安全漏洞
Vulnerability Description
Memos是Memos开源的一个具有知识管理和社交功能的开源自托管备忘录中心。 Memos 0.20.1及之前版本存在安全漏洞,该漏洞源于存在CORS配置错误,可能允许攻击网站发出跨源请求,从而允许攻击者以易受攻击的用户帐户身份读取私人信息或对系统进行特权更改。
CVSS Information
N/A
Vulnerability Type
N/A