Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
Vulnerability Description
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Outline 安全漏洞
Vulnerability Description
Outline是Outline开源的一个知识库。 Outline 1.4.0之前版本存在安全漏洞,该漏洞源于文档恢复逻辑存在不安全的直接对象引用,可能导致任何团队成员未经授权恢复、查看和获取属于其他用户的已删除草稿的所有权。
CVSS Information
N/A
Vulnerability Type
N/A