Vulnerability Information
Vulnerability Title
Parse Dashboard Missing CSRF Protection on Agent Endpoint
Vulnerability Description
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. The fix in version 9.0.0-alpha.8 adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard page. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.
CVSS Information
N/A
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Parse Dashboard Cross-Site Request Forgery Vulnerability
Vulnerability Description
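Parse Dashboard is an open-source dashboard tool from Parse Platform. Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 contain a cross-site request forgery vulnerability. The vulnerability stems from the AI Agent API endpoint lacking CSRF protection, which may allow an attacker to use the victim's session to submit requests to the agent endpoint.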
CVSS Information
N/A
Vulnerability Type
N/A