Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
turms 安全漏洞
Vulnerability Description
turms是turms-im开源的一个即时通讯引擎。 turms v0.10.0-SNAPSHOT及之前版本存在安全漏洞,该漏洞源于用户在线状态查询功能中访问控制不当,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A