Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CoreDNS ACL Bypass
Vulnerability Description
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
CoreDNS 安全漏洞
Vulnerability Description
CoreDNS是CoreDNS社区的一个 DNS 服务器。 CoreDNS 1.14.2之前版本存在安全漏洞,该漏洞源于插件默认执行顺序存在逻辑漏洞,可能导致DNS访问控制被绕过。
CVSS Information
N/A
Vulnerability Type
N/A