Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Seerr missing authentication on pushSubscription endpoints
Vulnerability Description
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other users. This issue is due to the absence of the `isOwnProfileOrAdmin()` middleware on several push subscription API routes. Version 3.1.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
seerr 安全漏洞
Vulnerability Description
seerr是Seerr Team开源的一个媒体请求和发现管理器。 Seerr 2.7.0至3.1.0之前版本存在安全漏洞,该漏洞源于缺少授权检查,可能导致经过身份验证的用户访问和修改其他用户的数据。
CVSS Information
N/A
Vulnerability Type
N/A