Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)
Vulnerability Description
listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists (which they don't have access to) under different scenarios. This only affects multi-user environments with untrusted users. This issue has been patched in version 6.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
listmonk 安全漏洞
Vulnerability Description
listmonk是Kailash Nadh个人开发者的一个具有现代仪表板的高性能、自托管、时事通讯和邮件列表管理器。 listmonk 4.1.0版本至6.1.0之前版本存在安全漏洞,该漏洞源于列表权限检查存在缺陷,可能导致多用户环境中的用户访问其无权访问的列表。
CVSS Information
N/A
Vulnerability Type
N/A