Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CollabPlatform : CORS Misconfiguration Allows Arbitrary Origin With Credentials Leading to Authenticated Account Data Exposure
Vulnerability Description
CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
源验证错误
Vulnerability Title
CollabPlatform 安全漏洞
Vulnerability Description
CollabPlatform是Manav Mahesh Sanger个人开发者的一个实时协作平台。 CollabPlatform存在安全漏洞,该漏洞源于Appwrite项目CORS配置不当,允许任意来源的凭据请求,可能导致敏感用户账户信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A