CNNVD-202511-114 Information

CNNVD ID

CNNVD-202511-114

Related CVE

CVE-2025-62720

• CNNVD Published: 2025-11-04

Description (Chinese)

LinkAce是Kevin Woblick个人开发者的一个自托管档案库，用于收集您最喜爱的网站的链接。 LinkAce 2.3.1及之前版本存在访问控制错误漏洞，该漏洞源于ExportController类中的HTML和CSV导出功能未应用所有权或可见性过滤，可能导致绕过访问控制。

Description (English)

LinkAce is a self-hosted archive of Kevin Woblick personal developers to collect links to your favorite website. LinkAce 2.3.1 and previous versions have access control bugs, which stem from the fact that HTML and CSV export functions in the ExportController category do not apply ownership or visibility filters, which may lead to circumventing access controls.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

个人开发者

Published

2025-11-04

Last Modified

2026-02-24

References

https://github.com/Kovah/LinkAce/security/advisories/GHSA-cqxv-6v28-2f2h https://github.com/Kovah/LinkAce/commit/0ba49dba5176db390999de1f90b9d743a4aedc24 https://github.com/Kovah/LinkAce/releases/tag/v2.4.0 https://access.redhat.com/security/cve/cve-2025-62720

Patch

https://github.com/Kovah/LinkAce/releases