Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
Vulnerability Description
Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s session-validation fetch fails. This can result in unauthorized access to protected pages and unauthorized execution of privileged Next.js Server Actions. This issue has been patched in version 2.2.0.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
cronmaster 安全漏洞
Vulnerability Description
cronmaster是fccview个人开发者的一个基于Web的Cron任务管理与系统监控工具。 cronmaster 2.2.0之前版本存在安全漏洞,该漏洞源于中间件存在身份验证绕过,当中间件的会话验证获取失败时,带有无效会话Cookie的未经验证请求会被视为已认证,可能导致未经授权访问受保护页面和执行特权Next.js服务器操作。
CVSS Information
N/A
Vulnerability Type
N/A