GHSA-GFMV-VH34-H2X5 Signal K Server: Unauthenticated Source Priorities Manipulation
Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...