Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint
Vulnerability Description
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. A fix is available in v4.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Ech0 安全漏洞
Vulnerability Description
Ech0是L1nSn0w个人开发者的一个自托管个人微博客平台。 Ech0 4.2.0之前版本存在安全漏洞,该漏洞源于GET /api/allusers端点未经验证返回用户记录,可能导致远程未经验证的用户枚举和信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A