Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Forms possible to view submission details of other people than intended
Vulnerability Description
Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned. Attackers can guess a code or modify the received code to look up arbitrary submissions, after logging in (with DigiD/eHerkenning/... depending on form configuration). This vulnerability is fixed in 3.3.13 and 3.4.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Open Forms 访问控制错误漏洞
Vulnerability Description
Open Forms是Open Formulieren开源的一种智能动态表格。用于快速创建通过 API 公开的强大而智能的表单。 Open Forms 3.3.13之前版本和3.4.5之前版本存在访问控制错误漏洞,该漏洞源于攻击者可猜测或修改代码来查找任意提交,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A