CNNVD-202511-113 Information
CNNVD ID
CNNVD-202511-113
Related CVE
- CNNVD Published: 2025-11-04
Description (Chinese)
LinkAce是Kevin Woblick个人开发者的一个自托管档案库,用于收集您最喜爱的网站的链接。 LinkAce 2.3.1及之前版本存在访问控制错误漏洞,该漏洞源于FeedController类中经过身份验证的RSS提要端点未实施适当的授权检查,可能导致未经授权访问所有用户的链接、列表和标签。
Description (English)
LinkAce is a self-hosted archive of Kevin Woblick personal developers to collect links to your favorite website. LinkAce 2.3.1 and previous versions have access control bugs, which stem from the failure of proper authorization checks of the RSS specified endpoints in the FeedController category, which may lead to unauthorized access to links, lists and labels for all users.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
个人开发者
Published
2025-11-04
Last Modified
2026-02-24
References
https://github.com/Kovah/LinkAce/security/advisories/GHSA-47g2-qw6q-cr96 https://github.com/Kovah/LinkAce/releases/tag/v2.4.0 https://github.com/Kovah/LinkAce/commit/1fef32694cee2bd80892fb478416be9364c3fddd https://access.redhat.com/security/cve/cve-2025-62721
Patch
https://github.com/Kovah/LinkAce/releases
Share on: