Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
将系统数据暴露到未授权控制的范围
Vulnerability Title
Checkmate 安全漏洞
Vulnerability Description
Checkmate是BlueWave开源的一个开源、自托管的工具,旨在通过精美的可视化实时跟踪和监控服务器硬件、正常运行时间、响应时间和事件。 Checkmate 2.1之前版本存在安全漏洞,该漏洞源于/api/v1/settings端点未限制访问,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A