Submit #313847: https://gitee.com/dromara/open-capacity-platform open-capacity-platform v2.0.1 Security Misconfigurationinfo

Titelhttps://gitee.com/dromara/open-capacity-platform open-capacity-platform v2.0.1 Security Misconfiguration
Beschreibungocp(open-capacity-platform) is an enterprise microservice framework based on layui+springcloud (user rights management, Configuration center management, application management,....). Its core design goal is to separate the front and back end, rapid development and deployment, simple learning, powerful, to provide fast access to the core interface capabilities, its goal is to help enterprises build a set of similar Baidu ability open platform framework. The auth-server component of ocp has a security configuration vulnerability. It can access all actuator terminals, including dangerous ports such as heapdump, which exposes sensitive information.
Quelle⚠️ https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main
Benutzer
 ggfzx (UID 67509)
Einreichung10.04.2024 06:27 (vor 2 Jahren)
Moderieren17.04.2024 18:46 (8 days later)
StatusAkzeptiert
VulDB Eintrag261367 [Dromara open-capacity-platform 2.0.1 auth-server /actuator/heapdump Information Disclosure]
Punkte20

Might our Artificial Intelligence support you?

Check our Alexa App!