Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ory Oathkeeper has a path traversal authorization bypass
Vulnerability Description
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. Version 26.2.0 contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
相对路径遍历
Vulnerability Title
Ory Oathkeeper 安全漏洞
Vulnerability Description
Ory Oathkeeper是Ory开源的一个访问控制决策软件。 Ory Oathkeeper 26.2.0之前版本存在安全漏洞,该漏洞源于HTTP路径遍历,可能导致授权绕过。
CVSS Information
N/A
Vulnerability Type
N/A