CNNVD-202601-008 Information

CNNVD ID

CNNVD-202601-008

Related CVE

CVE-2025-69203

• CNNVD Published: 2026-01-01

Description (Chinese)

Signal K Server是Signal K开源的一个船用中央服务器。 Signal K Server 2.19.0之前版本存在安全漏洞，该漏洞源于访问请求系统信任X-Forwarded-For标头且描述字段与权限字段显示不一致，可能导致社会工程学攻击。

Description (English)

Signal K Server is a central shipping server for Signal K Open Source. There was a security loophole in the pre-Signal K Server 2.19.0 version, which stemmed from the access request system ’ s trust in the X-Forwarded-For header and the inconsistency between the description field and the permission field, which could lead to a social engineering attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Signal K

Published

2026-01-01

Last Modified

2026-02-24

References

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 https://github.com/SignalK/signalk-server/security/advisories/GHSA-vfrf-vcj7-wvr8

Patch

https://github.com/SignalK/signalk-server/releases