Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Vulnerability Description
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15 character alphanumeric strings, and are not exposed to all users. However, it is theoretically possible for an authenticated user to enumerate a valid system ID via web API. To use the containers endpoints, the user would also need to enumerate a container ID, which is 12 digit hexadecimal string. This vulnerability is fixed in 0.18.7.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
不完整的黑名单
Vulnerability Title
Beszel 安全漏洞
Vulnerability Description
Beszel是hank个人开发者的一个轻量级服务器监控中心。 Beszel 0.18.7之前版本存在安全漏洞,该漏洞源于某些API端点未验证用户对系统ID的访问权限,可能导致经过身份验证的用户访问任意系统。
CVSS Information
N/A
Vulnerability Type
N/A