Vulnerability Information
Vulnerability Title
PolarLearn: unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats
Vulnerability Description
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.
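One way to enforce the missing checks, as an added example that is not PolarLearn's code: authenticate at the WebSocket upgrade, then verify group membership on every subscribe and send frame before anything is delivered or stored. The message shape (`type`, `groupId`, `text`), the in-memory stores and all function names are assumptions made for illustration.

```javascript
// Added example; the message shape and in-memory stores are hypothetical.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Constructed sample data standing in for session, membership and chat stores.
const sessions = new Map([["tok-alice", { userId: "alice" }]]);
const groupMembers = new Map([
  ["11111111-1111-4111-8111-111111111111", new Set(["alice"])],
  ["22222222-2222-4222-8222-222222222222", new Set(["bob"])],
]);
const chatContent = new Map(); // groupId -> stored messages

// Authenticate once, at the HTTP upgrade; null means refuse the upgrade.
function authenticateUpgrade(sessionToken) {
  return sessions.get(sessionToken) || null;
}

// Authorize every frame against the caller's own group membership.
function authorizeFrame(user, rawFrame) {
  if (!user) return { ok: false, reason: "unauthenticated" };
  let msg;
  try { msg = JSON.parse(rawFrame); } catch { msg = null; }
  if (msg === null || typeof msg !== "object") return { ok: false, reason: "bad-frame" };
  if (msg.type !== "subscribe" && msg.type !== "send") return { ok: false, reason: "bad-type" };
  if (typeof msg.groupId !== "string" || !UUID_RE.test(msg.groupId)) {
    return { ok: false, reason: "bad-group-id" };
  }
  const members = groupMembers.get(msg.groupId);
  // Unknown group and non-member get the same answer, so a UUID cannot be probed.
  if (!members || !members.has(user.userId)) return { ok: false, reason: "forbidden" };
  if (msg.type === "send" && (typeof msg.text !== "string" || msg.text === "")) {
    return { ok: false, reason: "bad-text" };
  }
  return { ok: true, type: msg.type, groupId: msg.groupId, text: msg.text };
}

// Persist only after authorization; the author comes from the session.
function handleFrame(user, rawFrame) {
  const verdict = authorizeFrame(user, rawFrame);
  if (verdict.ok && verdict.type === "send") {
    const log = chatContent.get(verdict.groupId) || [];
    log.push({ author: user.userId, text: verdict.text });
    chatContent.set(verdict.groupId, log);
  }
  return verdict;
}
```

In a real server `authenticateUpgrade` runs in the upgrade handler and the resulting user object is bound to the connection, so later frames cannot switch identity.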
CVSS Information
N/A
Vulnerability Type
Improper authorization
Vulnerability Title
PolarLearn access control error vulnerability
Vulnerability Description
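PolarLearn is an open-source online learning platform from PolarNL. PolarLearn 0-PRERELEASE-16 and earlier contain an access control error vulnerability. The vulnerability stems from the group chat WebSocket being usable without logging in, which may allow unauthenticated clients to subscribe to and send messages to arbitrary groups.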
CVSS Information
N/A
Vulnerability Type
N/A