Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tugtainer vulnerable to Password Exposure via URL Query Parameter
Vulnerability Description
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially exposed through browser history, Referer headers, and proxy logs. Version 1.16.1 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Vulnerability Title
Tugtainer 安全漏洞
Vulnerability Description
Tugtainer是Eugene Savin个人开发者的一个具有web UI的自动化Docker容器更新应用程序。 Tugtainer 1.16.1之前版本存在安全漏洞,该漏洞源于密码身份验证机制通过URL查询参数传输密码,可能导致密码被记录在服务器访问日志、浏览器历史记录、Referer标头和代理日志中。
CVSS Information
N/A
Vulnerability Type
N/A