signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time, allowing them to modify sensitive vessel routing data, alter server configurations, and access restricted endpoints. This issue has been patched in version 2.24.0-beta.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

授权机制不恰当

Signal K Server 安全漏洞

Signal K Server是Signal K开源的一个船用中央服务器。 Signal K Server 2.24.0-beta.4之前版本存在安全漏洞，该漏洞源于未经验证的管理员角色注入，可能导致权限提升。

N/A

N/A