Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Private categories allow suggested edits to be viewed via the queue in @codidact/qpixel
Vulnerability Description
@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates. ### Patches Not yet patched. ### Workarounds None available. Private or limited-visibility categories should not be considered ways to store sensitive information. ### References Internal: [SUPPORT-114](https://codidact.atlassian.net/issues/SUPPORT-114)
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
QPixel 信息泄露漏洞
Vulnerability Description
QPixel是Codidact开源的一个基于问答的社区知识共享软件。 QPixel存在信息泄露漏洞,该漏洞源于当类别被设置为私有或有限可见性时,此类别内的建议编辑仍可通过建议编辑队列被无特权或匿名用户查看,导致私有或受限内容的暴露。
CVSS Information
N/A
Vulnerability Type
N/A