Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
Vulnerability Description
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within the URL query parameters in a GET request to /api/shared-links/me. This exposes the password in browser history, proxy and server logs, and referrer headers, allowing unintended disclosure of authentication credentials. The impact of this vulnerability is the potential compromise of shared album access and unauthorized exposure of sensitive user data. This issue has been patched in version 2.6.0.
CVSS Information
N/A
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Vulnerability Title
immich 安全漏洞
Vulnerability Description
immich是Immich开源的一个高性能自托管照片和视频管理解决方案。 immich 2.6.0之前版本存在安全漏洞,该漏洞源于共享相册认证过程中密码通过URL参数传输,可能导致凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A