The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.
Metrics
Affected Vendors & Products
References
History
Wed, 20 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-11-20T18:11:21.234Z
Reserved: 2023-08-28T15:52:14.092Z
Link: CVE-2023-41314

Updated: 2024-08-02T18:54:05.185Z

Status : Modified
Published: 2023-12-18T09:15:05.667
Modified: 2024-11-21T08:21:03.213
Link: CVE-2023-41314

No data.