漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled
Vulnerability Description
OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Openlearn 访问控制错误漏洞
Vulnerability Description
Openlearn是Siemvk个人开发者的一个开源学习论坛工具。 Openlearn存在访问控制错误漏洞,该漏洞源于启用safeMode时未审核的论坛帖子仍可通过直接帖子读取程序返回完整内容。
CVSS Information
N/A
Vulnerability Type
N/A