漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
Vulnerability Description
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within the URL query parameters in a GET request to /api/shared-links/me. This exposes the password in browser history, proxy and server logs, and referrer headers, allowing unintended disclosure of authentication credentials. The impact of this vulnerability is the potential compromise of shared album access and unauthorized exposure of sensitive user data. This issue has been patched in version 2.6.0.
CVSS Information
N/A
Vulnerability Type
通过GET请求中的查询字符串导致的信息暴露
Vulnerability Title
immich 安全漏洞
Vulnerability Description
immich是Immich开源的一个高性能自托管照片和视频管理解决方案。 immich 2.6.0之前版本存在安全漏洞,该漏洞源于共享相册认证过程中密码通过URL参数传输,可能导致凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A