Vulnerability Information
Vulnerability Title
Manager generates mTLS certificates for arbitrary IP addresses
Vulnerability Description
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the peer connects from the same IP address as the one provided in the certificate request. This vulnerability is fixed in 2.1.0.
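The missing check described above, as an added Go example (not Dragonfly's code or its actual fix): every IP SAN in the certificate request must equal the address the peer connected from. The function names, the `net.TCPAddr` peer type and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"net"
)

// validateCSRIPs (hypothetical name) rejects a CSR whose IP SANs differ from
// the requester's connection address. peerAddr must come from the transport
// (in gRPC, peer.FromContext(ctx) exposes it), never from the request body.
func validateCSRIPs(csrDER []byte, peerAddr net.Addr) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return fmt.Errorf("parse CSR: %w", err)
	}
	tcp, ok := peerAddr.(*net.TCPAddr)
	if !ok {
		return fmt.Errorf("unsupported peer address type %T", peerAddr)
	}
	if len(csr.IPAddresses) == 0 {
		return fmt.Errorf("CSR carries no IP SAN")
	}
	for _, ip := range csr.IPAddresses {
		if !ip.Equal(tcp.IP) {
			return fmt.Errorf("requested IP %s does not match peer %s", ip, tcp.IP)
		}
	}
	return nil
}

// newCSR builds a constructed sample CSR carrying the given IP SANs.
func newCSR(ips ...string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.CertificateRequest{}
	for _, s := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(s))
	}
	der, _ := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return der
}

func main() {
	peer := &net.TCPAddr{IP: net.ParseIP("192.0.2.10"), Port: 40000} // constructed
	fmt.Println("own IP:  ", validateCSRIPs(newCSR("192.0.2.10"), peer))
	fmt.Println("other IP:", validateCSRIPs(newCSR("198.51.100.7"), peer))
}
```

A peer that reaches the issuer through NAT or a proxy presents the intermediary's address, so a deployment of this check has to account for that path.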
CVSS Information
N/A
Vulnerability Type
Improper Certificate Validation
Vulnerability Title
Dragonfly security vulnerability
Vulnerability Description
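Dragonfly is an open-source framework from DragonflyDB that can dynamically process any content type. Versions of Dragonfly prior to 2.1.0 contain a security vulnerability. It stems from the Manager's Certificate gRPC service not validating whether the requested IP addresses belong to the peer requesting the certificate, which may render mTLS authentication ineffective.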
CVSS Information
N/A
Vulnerability Type
N/A