漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint
Vulnerability Description
Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an unauthenticated attacker to bypass network isolation and access restrictions, potentially enabling access to internal services, cloud metadata endpoints, and exfiltration of sensitive data from isolated network segments. This vulnerability is fixed in version 25.7.21.2525.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Manager-io 代码问题漏洞
Vulnerability Description
Manager-io是Manager.io开源的一个会计软件。适用于Windows、Mac和Linux。 Manager-io 25.7.18.2519及之前版本存在代码问题漏洞,该漏洞源于代理处理组件访问控制不当,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A