CNNVD-202601-2980 Information
CNNVD ID
CNNVD-202601-2980
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
arcane是Arcane开源的一个Docker管理软件。 arcane 1.13.2之前版本存在访问控制错误漏洞,该漏洞源于环境代理中间件在强制执行身份验证之前处理对远程环境的请求,可能导致未经验证的请求被代理到远程环境代理,从而未经身份验证即可访问远程环境资源。
Description (English)
Arcane is a Docker management software from Arcane Open Source. A prior version of the arcane 1.13.2 contains a bug in access control, which stems from the fact that the environmental agent intermediate handles requests for a remote environment prior to the enforcement of authentication, which may result in uncertified requests being represented in a remote environment agent, thus allowing access to remote environmental resources without authentication.
Hazard Level
Low
Vulnerability Type
访问控制错误
Affected Vendor
Arcane
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/getarcaneapp/arcane/pull/1532 https://github.com/getarcaneapp/arcane/releases/tag/v1.13.2 https://github.com/getarcaneapp/arcane/commit/2008e1b93b25d0c4c3fff3af07843766231614eb https://github.com/getarcaneapp/arcane/security/advisories/GHSA-2jv8-39rp-cqqr https://access.redhat.com/security/cve/cve-2026-23944
Patch
https://github.com/getarcaneapp/arcane/releases
Share on: