Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification
Vulnerability Description
Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制缺失
Vulnerability Title
vito 安全漏洞
Vulnerability Description
vito是VitoDeploy开源的一个服务器管理和PHP应用部署的Web应用。 vito 3.20.3之前版本存在安全漏洞,该漏洞源于工作流站点创建操作中缺少授权检查,可能导致具有一个项目工作流写入权限的已验证攻击者通过提供外部server_id来创建或管理属于其他项目的服务器上的站点。
CVSS Information
N/A
Vulnerability Type
N/A