Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication
Vulnerability Description
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.3.0 is capable of addressing this issue. The patch is identified as d7729f4b885449f6dee3faf8b5f2a05769fb3d6e. The affected component should be upgraded.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
Messages 授权问题漏洞
Vulnerability Description
Messages是La Suite numérique开源的一个电子邮件收件箱软件。 Messages 0.2.0版本存在授权问题漏洞,该漏洞源于对文件serializers.py中ThreadAccessSerializer函数的操作,可能导致身份验证不当。
CVSS Information
N/A
Vulnerability Type
N/A