Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint
Vulnerability Description
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an unauthenticated attacker to bypass network isolation and access restrictions, potentially enabling access to internal services, cloud metadata endpoints, and exfiltration of sensitive data from isolated network segments. This vulnerability is fixed in version 25.7.21.2525.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Manager-io 代码问题漏洞
Vulnerability Description
Manager-io是Manager.io开源的一个会计软件。适用于Windows、Mac和Linux。 Manager-io 25.7.18.2519及之前版本存在代码问题漏洞,该漏洞源于代理处理组件访问控制不当,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A