漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Himmelblau's Kerberos credential cache collection is world readable
Vulnerability Description
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
Himmelblau 安全漏洞
Vulnerability Description
Himmelblau是Himmelblau开源的一个 Azure Entra ID 身份验证模块。 Himmelblau 0.8.0至0.9.21版本和1.0.0-beta至1.1.0版本存在安全漏洞,该漏洞源于云TGT凭据缓存存储为全局可读。
CVSS Information
N/A
Vulnerability Type
N/A