Vulnerability Information
Vulnerability Title
v2board / Xboard Authentication Token Exposure via loginWithMailLink
Vulnerability Description
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Information exposure through sent data
Vulnerability Title
V2Board Security Vulnerability
Vulnerability Description
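V2Board is an open-source multi-user proxy service management panel from V2Board. V2Board versions 1.6.1 through 1.7.4 and Xboard 0.1.9 and earlier contain a security vulnerability that stems from authentication tokens being exposed in the HTTP response body of the loginWithMailLink endpoint, which may allow an unauthenticated attacker to gain full account access.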
CVSS Information
N/A
Vulnerability Type
N/A