Vulnerability Information
Vulnerability Title
NocoDB: Refresh Tokens Not Revoked on Password Reset
Vulnerability Description
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3.
CVSS Information
N/A
Vulnerability Type
Insufficient Session Expiration
Vulnerability Title
NocoDB Code Issue Vulnerability
Vulnerability Description
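NocoDB is an open-source Airtable alternative from nocodb. It turns any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. NocoDB versions prior to 0.301.3 contain a code issue vulnerability, which stems from the password reset flow not revoking existing refresh tokens and may allow an attacker to keep using stolen tokens after the victim resets their password.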
CVSS Information
N/A
Vulnerability Type
N/A