Vulnerability Information
Vulnerability Title
Privilege Escalation via update_event Job Output in Cronicle
Vulnerability Description
Cronicle is a multi-server task scheduler and runner, with a web-based front-end UI. Prior to 0.9.111, job child processes can include an update_event key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privilege user who can create and run events can modify any event property, including webhook URLs and notification emails. This vulnerability is fixed in 0.9.111.
CVSS Information
N/A
Vulnerability Type
Missing Authorization
Vulnerability Title
xyOps Security Vulnerability
Vulnerability Description
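xyOps is a multi-server task scheduling and execution platform by the individual developer Joseph Huckaby. Versions of xyOps prior to 0.9.111 contain a security vulnerability that stems from a missing authorization check when the server applies the update_event key from JSON output, which may allow low-privilege users to modify arbitrary event properties.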
CVSS Information
N/A
Vulnerability Type
N/A