漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and Tags
Vulnerability Description
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists, and tags from all users in the system, regardless of their ownership or visibility settings. This issue is fixed in version 2.4.0.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
LinkAce 访问控制错误漏洞
Vulnerability Description
LinkAce是Kevin Woblick个人开发者的一个自托管档案库,用于收集您最喜爱的网站的链接。 LinkAce 2.3.1及之前版本存在访问控制错误漏洞,该漏洞源于FeedController类中经过身份验证的RSS提要端点未实施适当的授权检查,可能导致未经授权访问所有用户的链接、列表和标签。
CVSS Information
N/A
Vulnerability Type
N/A