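Hello author! I found that at line 173 of /action/vul.py there is @url(r"/vul/get", needcheck = False, category = "漏洞"), where needcheck=False, so the route is not added to the ACL policy. As a result, a developer can view, beyond their privileges, the details of vulnerabilities that do not belong to them or their group.
Fix: set needcheck=True, so that the permission can be ticked as needed under Admin - Edit Role - Permission List, which defends against the permission bypass and improves security.
After changing to needcheck=True, access can be configured as needed, which avoids the route being accessible to all logged-in users by default.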
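Added example, not part of the original issue and not the project's own code: a static audit that walks Python source with `ast` and lists every handler whose `@url(...)` decorator passes `needcheck=False`, so routes left out of the role ACL can be reviewed in one pass. The sample source is constructed around the decorator quoted above; the handler names and the other two routes are hypothetical.

```python
import ast

# Constructed sample. Only the first decorator line is quoted from the issue;
# handler names and the other routes are hypothetical.
SAMPLE = '''
@url(r"/vul/get", needcheck = False, category = "漏洞")
def vul_get(handler):
    pass

@url(r"/vul/list", needcheck = True, category = "漏洞")
def vul_list(handler):
    pass

@url(r"/login")
def login(handler):
    pass
'''

def _name(func):
    # Accept both @url(...) and @module.url(...)
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def find_unchecked_routes(source, decorator_name="url"):
    """Return (route, handler, line) for each decorator call with needcheck=False."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        for dec in node.decorator_list:
            if not (isinstance(dec, ast.Call) and _name(dec.func) == decorator_name):
                continue
            flags = {kw.arg: kw.value for kw in dec.keywords if kw.arg}
            check = flags.get("needcheck")
            # Only an explicit literal False is reported; the decorator's default
            # is not stated in the issue, so omitted flags are left alone.
            if isinstance(check, ast.Constant) and check.value is False:
                first = dec.args[0] if dec.args else None
                route = first.value if isinstance(first, ast.Constant) else "<dynamic>"
                findings.append((route, node.name, dec.lineno))
    return findings

if __name__ == "__main__":
    for route, handler, line in find_unchecked_routes(SAMPLE):
        print(f"{route} ({handler}, line {line}): needcheck=False, outside role ACL")
```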