漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
data.all authenticated users can perform restricted operations against DataSets and Environments
Vulnerability Description
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
data.all 安全漏洞
Vulnerability Description
data.all是data-dot-all开源的一个开源开发框架。 data.all存在安全漏洞,该漏洞源于授权权限不一致,可能会允许具有经过身份验证的帐户的外部参与者对数据集和环境执行受限操作。
CVSS Information
N/A
Vulnerability Type
N/A