Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly
Vulnerability Description
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/{filename})". The filename parameter is concatenated into a file path without sanitization, allowing an attacker to read arbitrary files on the server using ../ sequences. This issue has been patched in version 1.603.3.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
WindMill 路径遍历漏洞
Vulnerability Description
WindMill是Lukasavicus个人开发者的一个免费的开源工具。用于控制 Python 中的作业执行。 Windmill 1.603.3之前版本存在路径遍历漏洞,该漏洞源于get_log_file端点中的filename参数未经清理直接拼接为文件路径,可能导致攻击者使用../序列读取服务器上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A