Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Altium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace Access
Vulnerability Description
Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on those origins could access authenticated workspace APIs in the context of a logged-in user. When chained with vulnerabilities in those external applications, this misconfiguration enables unauthorized access to workspace data, administrative actions, and bypass of IP allowlisting controls, including in GovCloud environments.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
Altium Forum 安全漏洞
Vulnerability Description
Altium Forum是美国Altium公司的一个在线社区。 Altium Forum存在安全漏洞,该漏洞源于服务器端输入清理不足,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A