mirror of
https://github.com/ntop/ntopng.git
synced 2026-07-16 19:32:12 +00:00
Any authenticated user, including unprivileged accounts, could modify threat intelligence blacklist URLs, enable/disable status, and update intervals via POST /lua/rest/v2/edit/system/edit_blacklist.lua. Add the same isAdministrator() guard used by the sibling edit/category/category.lua endpoint. GHSA-ffg5-889g-f5q8 Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| application | ||
| category | ||
| host | ||
| network | ||
| ntopng | ||
| system | ||
| tag | ||