| Title | knightliao disconf 2.6.36 Improper Authentication |
|---|---|
| Description | Disconf version 2.6.36 has improper permission management, allowing unauthorized users to access sensitive configuration information stored in the configuration center. Attackers can access /api/config/list without authentication to retrieve all the parameters and their values for a particular app in a particular env with a particular version. |
| Source | ⚠️ https://github.com/knightliao/disconf/issues/431 |
| User | gaogaostone (UID 53740) |
| Submission | 23.10.2024 04:52 (2 years ago) |
| Moderation | 31.10.2024 16:58 (9 days later) |
| Status | Accepted |
| VulDB Entry | 282633 [knightliao Disconf 2.6.36 Configuration Center /api/config/list weak authentication] |
| Points | 18 |