| Title | RYMCU forest V1.0 Missing Authentication |
|---|---|
| Description | The application contains a critical security flaw in the Lucene user dictionary management API where ANY unauthenticated user can perform Create, Read, Update, and Delete (CRUD) operations on the system-wide search dictionary. This dictionary directly affects the full-text search functionality across the entire application, including article search, user search, and tag recognition. |
| Source | https://github.com/rymcu/forest/issues/199 |
| User | 1098024193 (UID 45260) |
| Submission | 23.10.2025 11:35 (6 months ago) |
| Moderation | 09.11.2025 07:54 (17 days later) |
| Status | Accepted |
| VulDB entry | 331645 [rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224 UserDicController.java getAll/addDic/getAllDic/deleteDic privilege escalation] |
| Points | 19 |