Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions
Vulnerability Description
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master key and read-only master key. As a workaround, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration.
CVSS Information
N/A
Vulnerability Type
CWE-1289
Vulnerability Title
Parse Dashboard 安全漏洞
Vulnerability Description
Parse Dashboard是Parse Platform开源的一个仪表盘工具。 Parse Dashboard 7.3.0-alpha.42至9.0.0-alpha.7版本存在安全漏洞,该漏洞源于ConfigKeyCache对主密钥和只读主密钥使用相同的缓存键,可能导致在特定时序条件下密钥混淆。
CVSS Information
N/A
Vulnerability Type
N/A