Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
StudioCMS Affected by Privilege Escalation via Insecure API Token Generation
Vulnerability Description
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target user ID, resulting in a full privilege escalation. This vulnerability is fixed in 0.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
StudioCMS 安全漏洞
Vulnerability Description
StudioCMS是StudioCMS开源的一个内容管理系统。 StudioCMS 0.4.0之前版本存在安全漏洞,该漏洞源于/studiocms_api/dashboard/api-tokens端点授权不当,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A