Vulnerability Information
Vulnerability Title
Missing Authorization in OpenPLC_V3
Vulnerability Description
The OpenPLC_V3 REST API endpoint checks for the presence of a JWT but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID, or can create new accounts with role=admin, escalating to full administrator access.
CVSS Information
N/A
Vulnerability Type
Missing Authorization
Vulnerability Title
OpenPLC Runtime version 3 Security Vulnerability
Vulnerability Description
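OpenPLC Runtime version 3 is a programmable logic controller developed by the individual developer Thiago Alves. OpenPLC Runtime version 3 contains a security vulnerability that stems from the REST API endpoint only checking for the presence of a JWT without verifying the caller's role, which may allow an authenticated user to delete other users or create new accounts with administrator privileges.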
CVSS Information
N/A
Vulnerability Type
N/A