漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId
Vulnerability Description
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization vulnerability allows any authenticated user to reopen finalized polls belonging to other users by manipulating the pollId parameter. This can disrupt events managed by other users and compromise both availability and integrity of poll data. This issue has been patched in version 4.5.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Rallly 安全漏洞
Vulnerability Description
Rallly是Luke Vella个人开发者的一款日程安排和协作工具,旨在更轻松地组织活动和会议。 Rallly 4.5.4之前版本存在安全漏洞,该漏洞源于授权不当,可能导致任意认证用户通过操纵pollId参数重新打开其他用户的最终投票,破坏事件管理并损害投票数据的可用性和完整性。
CVSS Information
N/A
Vulnerability Type
N/A