Vulnerability Information
Vulnerability Title
Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User
Vulnerability Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to version 8.9.3, an authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and MFA configuration. Because any authenticated user can query this endpoint, it is possible to retrieve and potentially crack the passwords of administrative users. Version 8.9.3 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
SuiteCRM Information Disclosure Vulnerability
Vulnerability Description
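SuiteCRM is a customer relationship management system from the SuiteCRM team. Versions of SuiteCRM prior to 8.9.3 contain an information disclosure vulnerability, which stems from an authenticated API endpoint that allows any user to retrieve detailed information about other users, potentially leading to credential disclosure.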
CVSS Information
N/A
Vulnerability Type
N/A