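Vulnerability title
Trunk's "Claim your pod" could be used to obtain unused pods
Vulnerability description
"trunk.cocoapods.org" is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods that migrated from the pre-2014 pull request workflow to "trunk". If the pods had never been claimed, it was still possible to claim them. It was also possible to have all owners removed from a pod, which made the pod available through the same claiming system. This issue was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023.
CVSS information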
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
Improper privilege management
Vulnerability title
Trunk's 'Claim your pod' could be used to obtain un-used pods
Vulnerability description
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all owners removed from a pod, and that made the pod available for the same claiming system. This was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
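Vulnerability category
Exposure of resource to wrong sphere
Vulnerability title
CocoaPods security vulnerability
Vulnerability description
CocoaPods is an open-source Cocoa dependency manager from CocoaPods. CocoaPods has a security vulnerability that stems from allowing attackers to claim pods that were never claimed, or to re-claim pods after all of their owners have been removed.
CVSS information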
N/A
Vulnerability category
Other