Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PingPong has improper access control in thread file endpoints allows access outside intended scope
Vulnerability Description
PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploaded files and model-generated output files. Exploitation required authentication and permission to view at least one thread for retrieval, and authentication and permission to participate in at least one thread for deletion. This vulnerability is fixed in 7.27.2.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
PingPong 安全漏洞
Vulnerability Description
PingPong是Computational Policy Lab开源的一个学生作业与课程管理助手。 PingPong 7.27.2之前版本存在安全漏洞,该漏洞源于访问控制不当,可能导致经过身份验证的用户检索或删除授权范围外的文件。
CVSS Information
N/A
Vulnerability Type
N/A