Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint
Vulnerability Description
Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or authorization checks. Any uploaded file can be accessed directly via its URL by unauthenticated users (e.g., in an incognito browser session), leading to potential disclosure of sensitive documents. The problem was patched in v0.32.2, and the patch was further improved on in 032.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Initiative 安全漏洞
Vulnerability Description
Initiative是Morelitea开源的一个项目管理平台。 Initiative 0.32.2之前版本存在安全漏洞,该漏洞源于上传的文档可通过公开访问的/uploads/目录获取,无需任何身份验证或授权检查,可能导致敏感文档泄露。
CVSS Information
N/A
Vulnerability Type
N/A