Описание
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
EPSS
Процентиль: 11%
0.00038
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 6.5
github
12 дней назад
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').
EPSS
Процентиль: 11%
0.00038
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-862