漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.
Vulnerability Description
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
1E Platform 安全漏洞
Vulnerability Description
1E Platform是1E公司的一种终端端点管理和自动化解决方案。 1E Platform 23之前版本存在安全漏洞,该漏洞源于身份服务器可以启用URL重定向到不受信任的站点。
CVSS Information
N/A
Vulnerability Type
N/A