漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)
Vulnerability Description
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use (TOCTOU) condition that allows attackers to bypass network isolation and access internal services, cloud metadata endpoints, and protected network segments. The Desktop edition requires no authentication; the Server edition requires only standard authentication. This issue is fixed in version 25.11.1.3086.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Manager-io 代码问题漏洞
Vulnerability Description
Manager-io是Manager.io开源的一个会计软件。适用于Windows、Mac和Linux。 Manager-io 25.11.1.3085及之前版本存在代码问题漏洞,该漏洞源于DNS验证机制存在TOCTOU条件,可能导致绕过网络隔离并访问内部服务。
CVSS Information
N/A
Vulnerability Type
N/A