Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Coral Server has insufficient agent authentication in session communication channels
Vulnerability Description
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who obtained or predicted a session identifier to impersonate an agent or join an existing session. This vulnerability is fixed in 1.1.0.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
coral-server 安全漏洞
Vulnerability Description
coral-server是CoralOS开源的一个基于Docker的服务器运行与配置管理工具。 coral-server 1.1.0之前版本存在安全漏洞,该漏洞源于未在活动会话中强制进行强身份验证,可能导致攻击者通过获取或预测会话标识符来冒充代理或加入现有会话。
CVSS Information
N/A
Vulnerability Type
N/A