漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint
Vulnerability Description
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. A fix is available in v4.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Ech0 安全漏洞
Vulnerability Description
Ech0是L1nSn0w个人开发者的一个自托管个人微博客平台。 Ech0 4.2.0之前版本存在安全漏洞,该漏洞源于GET /api/allusers端点未经验证返回用户记录,可能导致远程未经验证的用户枚举和信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A