Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check
Vulnerability Description
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise<boolean>) but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in JavaScript, !isAuthorized(type) always evaluates to false, completely bypassing the authorization check. Any authenticated user with the lowest visitor role can upload, delete, rename, and list all files in the S3 bucket. This vulnerability is fixed in 0.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
StudioCMS 安全漏洞
Vulnerability Description
StudioCMS是StudioCMS开源的一个内容管理系统。 StudioCMS 0.3.1之前版本存在安全漏洞,该漏洞源于S3存储管理器授权检查被绕过,可能导致经过身份验证的用户对S3存储桶执行任意文件操作。
CVSS Information
N/A
Vulnerability Type
N/A