漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Information disclosure via CORS misconfiguration
Vulnerability Description
When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
DNSdist 安全漏洞
Vulnerability Description
DNSdist是DNSdist开源的一款高度感知 DNS、DoS 和滥用的负载均衡器。 DNSdist存在安全漏洞,该漏洞源于启用内部Web服务器时,跨源资源共享策略配置不当,可能导致攻击者诱骗管理员访问恶意网站并从仪表板提取运行配置信息。
CVSS Information
N/A
Vulnerability Type
N/A