Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Papra Does Not Reject Expired API Keys
Vulnerability Description
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expired to continue accessing all protected endpoints as if the key were still valid. This vulnerability is fixed in 26.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Papra 代码问题漏洞
Vulnerability Description
Papra是Papra开源的一个文档管理与归档平台。 Papra 26.4.0之前版本存在代码问题漏洞,该漏洞源于身份验证期间从未根据当前时间验证具有expiresAt日期的API密钥,可能导致任何API密钥(无论其过期日期如何)被无限期接受,使得密钥已过期的用户仍能继续访问所有受保护的端点。
CVSS Information
N/A
Vulnerability Type
N/A