v2board / Xboard Authentication Token Exposure via loginWithMailLink

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

通过发送数据的信息暴露

V2Board 安全漏洞

V2Board是V2Board开源的一个多用户代理服务管理面板。 V2Board 1.6.1至1.7.4版本和Xboard 0.1.9及之前版本存在安全漏洞，该漏洞源于loginWithMailLink端点的HTTP响应体中暴露身份验证令牌，可能导致未认证攻击者获取完整账户访问权限。

N/A

N/A