https://blog.qife122.com/tags/%E4%BB%A4%E7%89%8C%E7%AE%A1%E7%90%86/ Recent content in 令牌管理 on 办公AI智能小助手 Hugo zh-cn qife Wed, 26 Nov 2025 20:26:20 +0800 https://blog.qife122.com/p/ash-authentication%E4%BB%A4%E7%89%8C%E6%92%A4%E9%94%80%E9%80%BB%E8%BE%91%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E4%BF%AE%E5%A4%8D%E6%8C%87%E5%8D%97/ Wed, 26 Nov 2025 20:26:20 +0800 https://blog.qife122.com/p/ash-authentication%E4%BB%A4%E7%89%8C%E6%92%A4%E9%94%80%E9%80%BB%E8%BE%91%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E4%BF%AE%E5%A4%8D%E6%8C%87%E5%8D%97/ <h2 id="漏洞概述">漏洞概述</h2> <p>Ash Authentication身份验证库在通过<code>mix ash_authentication.install</code>命令生成的actions中存在令牌撤销检查逻辑缺陷。该漏洞被标识为CVE-2025-25202，属于中等严重程度的安全问题。</p>