Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LavinMQ has incomplete shovel configuration validation
Vulnerability Description
LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. an authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not authorized to access or publish messages to vhosts they are not authorized to access. This vulnerability is fixed in 2.6.8.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
lavinmq 安全漏洞
Vulnerability Description
lavinmq是CloudAMQP开源的一个消息队列和流媒体服务器。 LavinMQ 2.6.8之前版本存在安全漏洞,该漏洞源于具有Policymaker标签的认证用户可绕过访问控制创建shovels,可能导致读取或发布未授权虚拟主机的消息。
CVSS Information
N/A
Vulnerability Type
N/A