Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect data
Vulnerability Description
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding read endpoints have no authorization guards. Version 0.8.0 contains a fix. Some workarounds are available. Restrict staff accounts to only those who need access to sensitive data and/or use a reverse proxy or WAF to restrict access to the affected endpoints.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
FOSSBilling 信息泄露漏洞
Vulnerability Description
fossbilling是fossbilling团队开源的一种高效计费和客户管理方案。 FOSSBilling 0.8.0之前版本存在安全漏洞,该漏洞源于admin API端点缺少权限检查,可能导致低权限员工账户读取敏感数据。
CVSS Information
N/A
Vulnerability Type
N/A