CNNVD-202602-948 Information
CNNVD ID
CNNVD-202602-948
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
DeepAudit是lintsinghua个人开发者的一个自动化漏洞审计工具。 DeepAudit 3.0.4及之前版本存在安全漏洞,该漏洞源于/api/v1/users/端点存在访问控制不当,可能允许任何经过身份验证的用户枚举系统中的所有用户并检索敏感信息。
Description (English)
DeepAudit is an automated gap audit tool for individual developers in Lintsinghua. There is a security loophole in DeepAudit 3.0.4 and earlier versions, which stems from inappropriate access controls at /api/v1/user/endpoints, which may allow all users of any identity-certified user count system and retrieve sensitive information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd https://github.com/lintsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q https://access.redhat.com/security/cve/cve-2026-25729
Patch
https://github.com/lintsinghua/DeepAudit/releases
Share on: