| Title | https://gitee.com/dromara/open-capacity-platform open-capacity-platform v2.0.1 Security Misconfiguration |
|---|
| Description | ocp(open-capacity-platform) is an enterprise microservice framework based on layui+springcloud (user rights management, Configuration center management, application management,....). Its core design goal is to separate the front and back end, rapid development and deployment, simple learning, powerful, to provide fast access to the core interface capabilities, its goal is to help enterprises build a set of similar Baidu ability open platform framework.
The auth-server component of ocp has a security configuration vulnerability. It can access all actuator terminals, including dangerous ports such as heapdump, which exposes sensitive information. |
|---|
| Source | ⚠️ https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main |
|---|
| User | ggfzx (UID 67509) |
|---|
| Submission | 04/10/2024 06:27 AM (11 months ago) |
|---|
| Moderation | 04/17/2024 06:46 PM (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 261367 [Dromara open-capacity-platform 2.0.1 auth-server /actuator/heapdump information disclosure] |
|---|
| Points | 20 |
|---|