Vulnerability Information
Vulnerability Title
Coolify leaks sensitive information `email_change_code` in `/api/v1/teams/{team_id | current}/members` API endpoint
Vulnerability Description
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints that allows authenticated team members to access a highly sensitive `email_change_code` from other users on the same team. This code is intended for a single-use email change verification and should be kept secret. Its exposure could enable a malicious actor to perform an unauthorized email address change on behalf of the victim. As of the time of publication, no known patched versions exist.
CVSS Information
N/A
Vulnerability Type
Information exposure through sent data
Vulnerability Title
Coolify security vulnerability
Vulnerability Description
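Coolify is an open-source, self-hosted alternative to Heroku/Netlify/Vercel, open-sourced by coolLabs. Coolify v4.0.0-beta.420.8 and earlier versions contain a security vulnerability that stems from information disclosure in an API endpoint and may lead to unauthorized email address changes.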
CVSS Information
N/A
Vulnerability Type
N/A