Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
fosrl Pangolin Role verifyApiKeyRoleAccess access control
Vulnerability Description
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
pangolin 访问控制错误漏洞
Vulnerability Description
pangolin是Pangolin开源的一个代理软件。 pangolin 1.15.4-s.3及之前版本存在访问控制错误漏洞,该漏洞源于组件Role Handler的函数verifyRoleAccess/verifyApiKeyRoleAccess存在访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A