Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
Vulnerability Description
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Eugene AdGuard Home 授权问题漏洞
Vulnerability Description
Eugene AdGuard Home是 Eugene开源的一个应用软件。提供用于阻止广告和跟踪的全网络软件。 Eugene AdGuard Home 0.107.73之前版本存在授权问题漏洞,该漏洞源于未经验证的远程攻击者可通过发送请求升级到HTTP/2明文连接的请求来绕过所有身份验证,导致后续HTTP/2请求被当作已完全认证处理。
CVSS Information
N/A
Vulnerability Type
N/A