漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LavinMQ has incomplete shovel configuration validation
Vulnerability Description
LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. an authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not authorized to access or publish messages to vhosts they are not authorized to access. This vulnerability is fixed in 2.6.8.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
lavinmq 安全漏洞
Vulnerability Description
lavinmq是CloudAMQP开源的一个消息队列和流媒体服务器。 LavinMQ 2.6.8之前版本存在安全漏洞,该漏洞源于具有Policymaker标签的认证用户可绕过访问控制创建shovels,可能导致读取或发布未授权虚拟主机的消息。
CVSS Information
N/A
Vulnerability Type
N/A