漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
skypilot-org skypilot User ID server.py username.encode weak hash
Vulnerability Description
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
可逆的单向哈希
Vulnerability Title
skypilot-org SkyPilot 加密问题漏洞
Vulnerability Description
skypilot-org SkyPilot是skypilot-org组织开源的一个可以在任何 AI 基础设施上运行、管理和扩展 AI 工作负载的系统。 skypilot-org skypilot 0.12.0及之前版本存在加密问题漏洞,该漏洞源于User ID Handler组件的sky/users/server.py文件中的username.encode函数使用了弱哈希。
CVSS Information
N/A
Vulnerability Type
N/A