漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
data.all admin user may access potentially sensitive data stored by producers via logs
Vulnerability Description
A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
data.all 安全漏洞
Vulnerability Description
data.all是data-dot-all开源的一个开源开发框架。 data.all存在安全漏洞,该漏洞源于有权访问部署 data.all 的客户拥有的 AWS 账户的 data.all 管理团队成员可能能够通过 CloudWatch 日志扫描从 data.all 中的 data.all 应用程序日志中提取用户数据,以查找与客户生产者团队数据交互的特定操作。
CVSS Information
N/A
Vulnerability Type
N/A