漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others
Vulnerability Description
Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admins and probably other users chats, if they know the conversation_id. This impacts the confidentiality of chats. This issue has been patched in version 1.9.0.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
dify 安全漏洞
Vulnerability Description
dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.8.1版本存在安全漏洞,该漏洞源于/console/api/apps/<APP_ID>chat-messages端点访问控制不当,可能导致同一工作区用户读取其他用户的聊天消息。
CVSS Information
N/A
Vulnerability Type
N/A