Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Vulnerability Description
changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user (or unauthenticated user when no password is set, the default) can leak sensitive environment variables including `SALTED_PASS`, `PLAYWRIGHT_DRIVER_URL`, `HTTP_PROXY`, and any secrets passed as env vars to the container. Version 0.54.7 patches the issue.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
changedetection.io 信息泄露漏洞
Vulnerability Description
changedetection.io是dgtlmoon个人开发者的一个网站变更检测、监控和通知应用程序。 changedetection.io 0.54.7之前版本存在信息泄露漏洞,该漏洞源于jq:和jqraw:包含过滤器表达式允许使用jq env内置函数,可能导致敏感环境变量泄露。
CVSS Information
N/A
Vulnerability Type
N/A