Lujiefsi

**Name of the Vulnerable Software and Affected Versions** Navidrome versions prior to 0.56.0 **Description** A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. The vulnerability exists in the API endpoints that manage transcoding settings, such as `POST /api/transcoding`, `PUT /api/transcoding/:id`, `DELETE /api/transcoding/:id`, and `GET /api/transcoding`. The application fails to properly validate whether a user has administrative privileges when handling transcoding configuration requests, despite the JWT token clearly indicating the user is not an administrator (`"adm":false`). **Recommendations** For Navidrome versions prior to 0.56.0, update to version 0.56.0 to patch the issue. As a temporary workaround, consider disabling the transcoding functionality to minimize the risk of exploitation. Restrict access to the vulnerable API endpoints to minimize the risk of unauthorized configuration changes. Avoid using the `POST /api/transcoding`, `PUT /api/transcoding/:id`, `DELETE /api/transcoding/:id`, and `GET /api/transcoding` endpoints with regular user credentials until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ThingsBoard versions up to 3.7.0 **Description** A vulnerability has been found in the HTTP RPC API component of ThingsBoard, which can lead to resource consumption. The attack can be launched remotely, but the complexity of an attack is rather high and the exploitation appears to be difficult. The issue is classified as problematic and affects an unknown functionality of the component. **Recommendations** For versions up to 3.7.0, upgrade to version 3.7.1 to address this issue. As a temporary workaround, consider restricting access to the HTTP RPC API component until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** OpenStack Storlets yoga-eom (affected versions not specified) **Description** An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Storlets version yoga-eom **Description** The issue allows a remote attacker to execute arbitrary code via the gateway.py component. **Recommendations** For OpenStack Storlets version yoga-eom, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack magnum yoga-eom version (affected versions not specified) **Description** An issue in the software allows a remote attacker to execute arbitrary code via the `cert manager.py` component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache DolphinScheduler versions prior to 3.2.1 **Description** The issue is related to session fixation, where a session remains valid after a password change. This could potentially allow unauthorized access. Users are advised to upgrade to a version that fixes this issue. **Recommendations** For Apache DolphinScheduler versions prior to 3.2.1, upgrade to version 3.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** alf.io versions prior to 2.0-Mr-2402 **Description** The issue affects an open source ticket reservation system, allowing an attacker to access data from other organizers by using a specially crafted request to receive the e-mail log sent by other events. **Recommendations** For versions prior to 2.0-Mr-2402, update to version 2.0-M4-2402 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Alf.io versions prior to 2.0-M4-2402 **Description** Alf.io is a free and open source event attendance management system. The issue allows users to access the admin area even after being invalidated or deleted. There are no known workarounds for this issue. All users are advised to upgrade to version 2.0-M4-2402 to address this issue. **Recommendations** For versions prior to 2.0-M4-2402, upgrade to version 2.0-M4-2402 to resolve the issue. As a temporary workaround, consider restricting access to the admin area until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** iTop versions prior to 2.7.10 iTop versions prior to 3.0.4 iTop versions prior to 3.1.1 iTop versions prior to 3.2.0 **Description** iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. By forging an HTTP request, a user can create objects pointing to out of silo objects, such as a UserRequest in an out of scope Organization. **Recommendations** For versions prior to 2.7.10, update to version 2.7.10 or later. For versions prior to 3.0.4, update to version 3.0.4 or later. For versions prior to 3.1.1, update to version 3.1.1 or later. For versions prior to 3.2.0, update to version 3.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** Metersphere versions prior to 2.10.3 **Description** Metersphere is an open-source testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause Metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to overwriting files that the Metersphere process has access to. **Recommendations** For versions prior to 2.10.3, upgrade to version 2.10.3 to address the issue. As a temporary workaround, consider restricting file uploads or limiting access to sensitive files until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Metersphere versions prior to 2.10.2 LTS **Description** Metersphere is an open source continuous testing platform. In the affected versions, some key APIs lack permission checks, allowing ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. **Recommendations** For versions prior to 2.10.2 LTS, update to version 2.10.2 LTS to resolve the issue. As a temporary workaround, consider restricting access to key APIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DataEase versions prior to 1.18.7 **Description** The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the interface for marking messages read. The vulnerability allows an attacker to delete dashboards or messages of other users by manipulating the request, for example, by replacing the ID of the dashboard or message with the ID of another user's dashboard or message. The interface for marking read messages is also affected. **Recommendations** For versions prior to 1.18.7, upgrade to version 1.18.7 to fix the vulnerability. As a temporary workaround, consider restricting access to the API endpoints related to deleting dashboards and system messages, such as "POST /api/share/removePanelShares/" until the issue is resolved. Avoid using the interface to delete dashboards and system messages until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** CloudExplorer Lite versions prior to 1.1.0 **Description** The issue is related to a missing permission check on the user profile in CloudExplorer Lite, an open source cloud management tool. This allows users to add themselves to any organization. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.1.0, upgrade to version 1.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the user profile management functionality until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** CloudExplorer Lite versions prior to 1.1.0 **Description** The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixed in version 1.1.0. Users are advised to upgrade as there are no known workarounds for this issue. **Recommendations** For versions prior to 1.1.0, upgrade to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting user permissions to minimize the risk of exploitation until the upgrade can be applied.

**Name of the Vulnerable Software and Affected Versions** MeterSphere versions prior to 2.9.0 **Description** The issue is an IDOR vulnerability that allows the administrator of a project to modify other projects under the workspace, potentially granting an attacker some operating permissions. MeterSphere is an open source continuous testing platform that covers functions such as test tracking, interface testing, UI testing, and performance testing. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 to resolve the issue. As a temporary workaround, consider restricting project modification permissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MeterSphere versions prior to 2.5.1 **Description** The issue allows users to upload a file without validating the file name, potentially leading to uploading files to any path if the file name in the upload request is falsified. This is due to a lack of validation in the `FileUtils.java` file, specifically in the `createFile` function, which does not check the `filePath`. The vulnerability has been fixed in version 2.5.1. **Recommendations** For versions prior to 2.5.1, upgrade to version 2.5.1 to resolve the issue. As a temporary workaround, consider restricting file upload capabilities until the update can be applied. Avoid using the `createFile` function in `FileUtils.java` until the issue is resolved.