漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HomeBox affected by Blind SSRF
Vulnerability Description
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although the application does not return the response body from the target service, its UI behavior differs depending on the network state of the destination. This creates a behavioral side-channel that enables internal service enumeration. This vulnerability is fixed in 0.24.0-rc.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
HomeBox 代码问题漏洞
Vulnerability Description
HomeBox是SysAdmins Media开源的一个为家庭用户构建的库存和组织系统。 HomeBox 0.24.0-rc.1之前版本存在代码问题漏洞,该漏洞源于通知程序功能允许经过身份验证的用户指定任意URL,且未对提供的主机、IP地址或端口进行验证或限制,可能导致内部服务枚举。
CVSS Information
N/A
Vulnerability Type
N/A