Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Handling of Insufficient Permissions or Privileges in Conduit
Vulnerability Description
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
Conduit 安全漏洞
Vulnerability Description
Conduit是Famedly开源的一款简单、快速、可靠的聊天服务器。 Conduit v0.6.0及之前版本存在安全漏洞,该漏洞源于处理编辑时未检查权限,导致本地用户可以编辑同一服务器上用户的任何消息。
CVSS Information
N/A
Vulnerability Type
N/A