Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Vulnerability Description
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Typebot 安全漏洞
Vulnerability Description
Typebot是Baptiste Arnaud个人开发者的一个开源聊天机器人构建器。 Typebot 3.9.0版本至3.13.0之前版本存在安全漏洞,该漏洞源于API令牌管理端点存在不安全的直接对象引用,可能导致删除和检索任意用户的API令牌。
CVSS Information
N/A
Vulnerability Type
N/A