2 matches found
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Summary Missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction information. Impact This vulnerability allows an unauthenticated attack...
actual 访问控制错误漏洞
Actual is a personal finance tool developed by Actual OpenSource. Versions of Actual prior to 26.2.1 contained an access control vulnerability. This vulnerability stemmed from the lack of an authentication middleware in the ActualBudget server component, which could allow unverified users to acce...