Vulnerability Information
Vulnerability Title
Sim Studio AI - Unauthenticated OAuth Token Theft
Vulnerability Description
In Sim Studio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when it is given the `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing credentials to third-party services.
CVSS Information
N/A
Vulnerability Type
Missing Authorization
Vulnerability Title
Sim Studio Security Vulnerability
Vulnerability Description
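Sim Studio is an open-source AI agent workflow builder from Sim Studio. Versions of Sim Studio before 0.5.74 contain a security vulnerability caused by an authorization check bypass in the /api/auth/oauth/token endpoint, which may allow an unauthenticated attacker to steal OAuth access tokens.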
CVSS Information
N/A
Vulnerability Type
N/A