Novel-Plus Improper Authorization Vulnerability in Log Deletion Function

Vulnerability

A critical vulnerability has been identified in Novel-Plus versions up to commit 0e156c04b4b7ce0563bef6c97af4476fcda8f160. The issue lies in the LogController.java file, specifically in the deleteIndex function, which does not perform an adequate authorization check. As a result, remote attackers can delete system logs without holding the required permission.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of system logs, which could disrupt auditing and monitoring processes.

Reproduction

To reproduce this vulnerability, send a POST request to the '/common/log/remove' endpoint with an 'id' parameter specifying the log entry to be deleted. The request can be made remotely, and because the endpoint performs no adequate authorization check, the deletion succeeds without the necessary permissions.
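Because a successful exploit removes the application's own log entries, the durable evidence is usually the web server or reverse proxy access log in front of the application. The following Python script is an added detection example, not code from the advisory or from the Novel-Plus project. It parses constructed access-log lines in a Combined Log Format-like layout (the sample lines and the assumption that an authenticated user appears in the remote-user field are both assumptions of this example; with session-based authentication that field is commonly '-'), extracts POST requests to the '/common/log/remove' endpoint named above, and flags sources that hit it without an authenticated identity and still received a 2xx response, which is exactly the pattern the missing check permits.

```python
import re
from collections import Counter

# Constructed sample access-log lines (not from the page). The last two fields
# are referrer and user agent; the third field is the remote user, '-' if none.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jun/2025:19:40:01 +0000] "POST /common/log/remove HTTP/1.1" 200 27 "-" "python-requests/2.31"
10.0.0.5 - - [09/Jun/2025:19:40:02 +0000] "POST /common/log/remove HTTP/1.1" 200 27 "-" "python-requests/2.31"
192.168.1.10 - admin [09/Jun/2025:19:41:15 +0000] "GET /common/log/list HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.1.10 - admin [09/Jun/2025:19:41:20 +0000] "POST /common/log/remove HTTP/1.1" 200 27 "https://novel.example/admin" "Mozilla/5.0"
10.0.0.5 - - [09/Jun/2025:19:42:00 +0000] "POST /common/log/remove HTTP/1.1" 500 0 "-" "curl/8.0"
"""

# Combined Log Format prefix: ip ident user [timestamp] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

TARGET_PATH = "/common/log/remove"  # endpoint named in the advisory


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def find_log_removals(text):
    """Return every parsed entry that is a POST to the log-deletion endpoint."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        # strip any query string before comparing the path
        if entry and entry["method"] == "POST" and entry["path"].split("?")[0] == TARGET_PATH:
            hits.append(entry)
    return hits


def summarize(text):
    """Count deletion calls per (client IP, remote user); '-' means no identity logged."""
    counter = Counter()
    for entry in find_log_removals(text):
        counter[(entry["ip"], entry["user"])] += 1
    return dict(counter)


def suspicious(text, min_hits=1):
    """Flag client IPs that called the endpoint with no logged user and got a 2xx.

    After the authorization check is in place such calls should fail with
    401/403, so successful unauthenticated deletions are the signal to alert on.
    """
    flagged = Counter()
    for entry in find_log_removals(text):
        if entry["user"] == "-" and 200 <= entry["status"] < 300:
            flagged[entry["ip"]] += 1
    return {ip: n for ip, n in flagged.items() if n >= min_hits}


if __name__ == "__main__":
    print("calls per source:", summarize(SAMPLE_LOG))
    print("suspicious sources:", suspicious(SAMPLE_LOG))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the admin user's single call from 192.168.1.10 is counted but not flagged, while the two successful unauthenticated calls from 10.0.0.5 are. Forwarding access logs to a collector the application cannot write to keeps this evidence intact even if the application-side audit trail is wiped.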

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.