2Xiaodi

**Name of the Vulnerable Software and Affected Versions** Hertzbeat versions 1.20 and prior **Description** Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless capabilities. The system has a permission bypass issue, allowing system authentication to be bypassed and interfaces to be invoked without authorization. **Recommendations** For Hertzbeat versions 1.20 and prior, update to version 1.2.1 or later, which contains a patch for this issue. As a temporary workaround, consider restricting access to sensitive interfaces until the patch can be applied.