Vulnerability Information
Vulnerability Title
Authorization Bypass in ON24 Q&A chat
Vulnerability Description
An authorization bypass through a user-controlled key exists in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages.
CVSS Information
N/A
Vulnerability Type
Authorization Bypass Through User-Controlled Key
Vulnerability Title
ON24 Q&A Chat Security Vulnerability
Vulnerability Description
ON24 Q&A Chat is an online interactive Q&A and chat component from the US company ON24. ON24 Q&A Chat has a security vulnerability that stems from an authorization bypass through a user-controlled key in the console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/ endpoint, which may allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history.
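Both descriptions above name the same weakness class: a handler that trusts a key taken from the URL (here the event ID) without checking that the caller is authenticated and authorized for that object. The following is an added illustration of that pattern and its fix; it is not ON24 code and makes no claim about how the real endpoint is implemented. The in-memory stores, session tokens, function names and the assumption that {TIMESTAMP} means "answers at or after this time" are all constructed for the example.

```python
# Added example: user-controlled-key authorization bypass (CWE-639 pattern)
# and a hardened handler. Hypothetical data and names, not the product's own.

# Constructed Q&A store keyed by event id. In the real product this would be a
# database; the values here are illustrative only.
QA_STORE = {
    "1001": [{"ts": 1700000000, "text": "Answer A (event 1001)"}],
    "1002": [{"ts": 1700000100, "text": "Answer B (event 1002)"}],
}

# Constructed session table: token -> user and the events that user may read.
SESSIONS = {
    "tok-alice": {"user": "alice", "events": {"1001"}},
}


class Unauthorized(Exception):
    """No valid session: the request should get HTTP 401."""


class Forbidden(Exception):
    """Valid session but no right to this object: HTTP 403 (or 404, see note)."""


def get_answers_vulnerable(event_id, since_ts):
    # The weakness the advisory describes: the only input deciding what is
    # returned is the user-controlled event id from the URL. Anyone who can
    # guess or iterate ids receives every answer for every event.
    return [a for a in QA_STORE.get(event_id, []) if a["ts"] >= since_ts]


def get_answers_hardened(event_id, since_ts, session_token):
    # 1. Authenticate: resolve the session server-side; never trust a claimed
    #    user id from the request.
    session = SESSIONS.get(session_token) if session_token else None
    if session is None:
        raise Unauthorized("authentication required")

    # 2. Authorize against the object, not just the endpoint: the event id is
    #    still user-controlled, so check it against this user's entitlements.
    #    Deciding on the server-side entitlement set (rather than on whether the
    #    event exists) also means unknown and unauthorized ids are handled the
    #    same way, which avoids leaking which event ids exist.
    if event_id not in session["events"]:
        raise Forbidden("no access to this event")

    # 3. Only now read the data. Filtering by timestamp is a convenience, not a
    #    security control, so it stays after the checks above.
    return [a for a in QA_STORE.get(event_id, []) if a["ts"] >= since_ts]


if __name__ == "__main__":
    print("vulnerable, no session:", get_answers_vulnerable("1002", 0))
    print("hardened, own event:  ", get_answers_hardened("1001", 0, "tok-alice"))
    for args in (("1002", 0, "tok-alice"), ("1001", 0, None)):
        try:
            get_answers_hardened(*args)
        except (Unauthorized, Forbidden) as exc:
            print("hardened, denied:     ", type(exc).__name__, exc)
```

The point of the hardened version is step 2: authentication alone does not fix this class of bug, because a logged-in user can still substitute another event's ID. The check has to bind the object identifier in the URL to what the authenticated principal is entitled to see, and a 403/404 response for a non-entitled ID should look the same whether or not that event exists, so the endpoint cannot be used as an ID oracle.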
CVSS Information
N/A
Vulnerability Type
N/A