漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Server Side Request Forgery in Ziti Console
Vulnerability Description
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side request, resulting in a potential Server-Side Request Forgery (SSRF) vulnerability. The fixed version has moved the request to the external controller from the server side to the client side, thereby eliminating the identity of the node from being used to gain any additional permissions. This vulnerability is fixed in 3.7.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
OpenZiti Console 代码问题漏洞
Vulnerability Description
OpenZiti Console是OpenZiti开源的一个 OpenZiti 网络的管理 Web 界面。 OpenZiti Console 3.7.1之前版本存在代码问题漏洞,该漏洞源于未经验证即可访问端点,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A