CNNVD-202601-3896 Information

CNNVD ID

CNNVD-202601-3896

CVE-2026-24036

  • CNNVD Published: 2026-01-22

Description (Chinese)

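Horilla is a free, open-source human resources application from the Horilla company. Horilla 1.4.0 and later versions contain an access control error vulnerability, which stems from unpublished job postings being accessible without authentication and may lead to the disclosure of sensitive internal recruitment information.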

Description (English)

Horilla is free, open-source human resources software from Horilla. Horilla 1.4.0 and subsequent versions have an access control flaw: unpublished recruitment information can be accessed without authentication, which may lead to the disclosure of sensitive internal recruitment information.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Horilla

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/horilla-opensource/horilla/commit/9a585a1588431499092a49d7e82cb77daa4d99ee
  • https://github.com/horilla-opensource/horilla/releases/tag/1.5.0
  • https://github.com/horilla-opensource/horilla/security/advisories/GHSA-q4xr-w96p-3vg7

Patch

https://github.com/horilla-opensource/horilla/releases
