漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server
Vulnerability Description
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a shared secret only known to the synchronization server. The frontend hands this encrypted token and the backend URL over to the synchronization server to check user's ability to work on the document and perform intermittent saves while editing. The synchronization server does not properly validate the backend URL and sends a request with the decrypted authentication token to the endpoint that was given to the server. An attacker could use this vulnerability to decrypt a token that he intercepted by other means to gain an access token to interact with OpenProject on the victim's behalf. This vulnerability was introduced with OpenProject 17.0.0 and was fixed in 17.0.2. As a workaround, disable the collaboration feature via Settings -> Documents -> Real time collaboration -> Disable. Additionally the `hocuspocus` container should also be disabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
OpenProject 数据伪造问题漏洞
Vulnerability Description
OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 17.0.0版本至17.0.2之前版本存在数据伪造问题漏洞,该漏洞源于同步服务器未正确验证后端URL,可能导致访问令牌泄露。
CVSS Information
N/A
Vulnerability Type
N/A