Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FreshRSS: Unauthorized creation of admin user when registration is enabled
Vulnerability Description
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, new_user_is_admin. This is fixed in version 1.27.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
FreshRSS 访问控制错误漏洞
Vulnerability Description
FreshRSS是FreshRSS开源的一个免费的、可自行托管的 RSS 聚合器。 FreshRSS 1.16.0版本至1.26.3版本存在访问控制错误漏洞,该漏洞源于注册功能启用时未授权攻击者可利用隐藏字段创建管理员账户,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A