CNNVD-202512-136 Information
Dec 01, 2025
cve
CNNVD ID
CNNVD-202512-136
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
orion-ops是李佳航个人开发者的一个一站式自动化运维及自动化部署平台。 orion-ops存在安全漏洞,该漏洞源于文件UserController.java中参数ID的错误操作,可能导致授权不当。
Description (English)
Orion-ops is a one-stop automated transport and automated deployment platform for Li Jia-avian personal developers. There is a security loophole in orion-ops, which stems from the wrong operation of parameter ID in document UserController.java, which may lead to improper delegation of authority.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-privilege-escalation-1/report.md https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-privilege-escalation-1/report.md#proof-of-concept https://vuldb.com/?ctiid.333818 https://vuldb.com/?id.333818 https://vuldb.com/?submit.692068
Share on: