Vulnerability Information
This page is generated with the help of a large language model, and its output may contain inaccurate or outdated information. Shenlong strives to keep the data accurate, but verify it against the actual situation before acting on it.
Vulnerability Title
Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment
Vulnerability Description
Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment itself holds the permissions granted by the role being assigned. The assignRoleToUser and assignRoleToGroup handlers (POST /authz/users/{id}/assign and POST /authz/groups/{id}/assign) authorize only that the caller may assign roles to the target user or group; they do not check the permissions contained in the assigned roles. This differs from role creation, which enforces that a user can only create roles whose permissions are less than or equal to its own. As a result, a user holding only the delegated assign_and_revoke_users or assign_and_revoke_groups permission can assign the built-in admin role, or any high-privilege custom role, to itself or to others, escalating to full administrative control of the database. The issue is fixed in 1.38.0.
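The following Go program is an added example written for this page, not Weaviate's own code, that models the authorization gap described above. The permission model (action/resource pairs, a "*" wildcard), the role and principal data, and the function names assignRoleVulnerable and assignRoleHardened are all hypothetical. The vulnerable handler checks only that the caller may assign roles to the target; the hardened one additionally requires that the caller already holds every permission in the role, the same "less than or equal to its own" rule the advisory says role creation enforces.

```go
package main

import "fmt"

// Permission is a simplified (action, resource) pair. Hypothetical model for
// this example, not Weaviate's actual RBAC types.
type Permission struct {
	Action   string // e.g. "assign_and_revoke_users", "manage_roles", "read_data"
	Resource string // e.g. "users/alice", "collections/Article"; "*" matches everything
}

type Role struct {
	Name        string
	Permissions []Permission
}

type Principal struct {
	Name        string
	Permissions []Permission
}

// hasPermission reports whether the principal holds action on resource,
// treating a "*" resource in one of its grants as a wildcard.
func (p Principal) hasPermission(action, resource string) bool {
	for _, g := range p.Permissions {
		if g.Action == action && (g.Resource == "*" || g.Resource == resource) {
			return true
		}
	}
	return false
}

// Constructed sample data: an admin-style role, a root principal that holds
// everything in it, and a delegate that may only assign roles to any user.
var (
	AdminRole = Role{
		Name: "admin",
		Permissions: []Permission{
			{"manage_roles", "*"},
			{"assign_and_revoke_users", "*"},
			{"assign_and_revoke_groups", "*"},
			{"read_data", "*"},
			{"write_data", "*"},
		},
	}
	Root     = Principal{Name: "root", Permissions: AdminRole.Permissions}
	Delegate = Principal{
		Name:        "delegate",
		Permissions: []Permission{{"assign_and_revoke_users", "*"}},
	}
)

// assignRoleVulnerable mirrors the pre-1.38.0 behaviour described in the
// advisory: the only check is whether the caller may assign roles to the target.
func assignRoleVulnerable(caller Principal, role Role, targetUser string) error {
	if !caller.hasPermission("assign_and_revoke_users", "users/"+targetUser) {
		return fmt.Errorf("forbidden: %s may not assign roles to %s", caller.Name, targetUser)
	}
	return nil
}

// assignRoleHardened adds the missing check: the caller must itself hold every
// permission contained in the role it is assigning, so it can never hand out
// more privilege than it has.
func assignRoleHardened(caller Principal, role Role, targetUser string) error {
	if err := assignRoleVulnerable(caller, role, targetUser); err != nil {
		return err
	}
	for _, need := range role.Permissions {
		if !caller.hasPermission(need.Action, need.Resource) {
			return fmt.Errorf("forbidden: %s may not assign role %q: it lacks %s on %s",
				caller.Name, role.Name, need.Action, need.Resource)
		}
	}
	return nil
}

func main() {
	// The delegate escalates itself to admin through the vulnerable handler...
	fmt.Println("vulnerable, delegate -> admin on self:", assignRoleVulnerable(Delegate, AdminRole, "delegate"))
	// ...but is rejected by the hardened one, while a real admin still succeeds.
	fmt.Println("hardened,   delegate -> admin on self:", assignRoleHardened(Delegate, AdminRole, "delegate"))
	fmt.Println("hardened,   root -> admin on delegate:", assignRoleHardened(Root, AdminRole, "delegate"))
}
```

The hardened check deliberately compares against the caller's permissions rather than trusting the role name, so a high-privilege custom role is rejected for the same reason the built-in admin role is. A delegate can still assign a role made up only of permissions it already holds, which is the behaviour role creation already has.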
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Incorrect Privilege Assignment
Vulnerability Title
Weaviate permissions and access control vulnerability
Vulnerability Description
Weaviate is an open-source vector database from Weaviate. Versions of Weaviate before 1.38.0 contain a permissions and access control vulnerability: when assigning an RBAC role, the server does not verify that the principal performing the assignment holds the permissions granted by that role. A user holding the delegated assign_and_revoke_users or assign_and_revoke_groups permission can therefore assign the built-in admin role, or a high-privilege custom role, to itself or to other users and gain full control of the database.
CVSS Information
N/A
Vulnerability Type
N/A