| عنوان | fastapiadmin <= 2.2.0 Exposure of Sensitive System Information to an Unauthorized Cont |
|---|
| الوصف | An information disclosure vulnerability in FastapiAdmin (≤ 2.2.0) located in /backend/app/plugin/init_app.py allows unauthenticated users to access the OpenAPI specification (openapi.json) and the API documentation pages (e.g., /api/v1/docs, /api/v1/redoc) because the custom documentation endpoints are exposed without any authentication or authorization; this exposure lets attackers enumerate endpoints, parameters, models and other metadata that can facilitate targeted attacks or leakage of sensitive implementation details—mitigation is to restrict or disable documentation in production, require authentication/authorization for docs and openapi routes, or serve them only on trusted internal networks. |
|---|
| المصدر | ⚠️ https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 11/02/2026 06:20 AM (3 أشهر منذ) |
|---|
| الاعتدال | 22/02/2026 04:09 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 347359 [FastApiAdmin حتى 2.2.0 Custom Documentation Endpoint init_app.py reset_api_docs الكشف عن المعلومات] |
|---|
| النقاط | 20 |
|---|