Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)
Vulnerability Description
Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
homarr 安全漏洞
Vulnerability Description
homarr是Thomas Camlong个人开发者的一个可定制的浏览器主页,用于与主服务器的 Docker 容器进行交互。 Homarr 1.54.0之前版本存在安全漏洞,该漏洞源于integration.all tRPC端点暴露为公共过程,可能导致未经验证的用户检索配置的集成列表,从而泄露内部服务URL、集成名称和服务类型等敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A