Enviar #781757: CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposureinformación

Título	CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure
Descripción	The Android application campusconnect.ucc version 14.3.5 hardcodes an Uploadcare private key in campusconnect/BuildConfig.java . An unauthenticated attacker who obtains this key can directly invoke the Uploadcare API to upload, list, download, and delete arbitrary files stored in the Uploadcare bucket. This may result in disclosure of sensitive information and permanent data loss. Additionally, an attacker could upload a malicious file to the Uploadcare service. If the affected website server subsequently downloads and processes that file, it could lead to remote code execution.
Fuente	⚠️ https://www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Operations-and-Potential-RCE-in-campusc-3262de3f97fb8057bc67ec4320672d99?source=copy_link
Usuario	fxizenta (UID 28116)
Sumisión	2026-03-17 13:48 (hace 21 días)
Moderación	2026-04-03 00:08 (16 days later)
Estado	Aceptado
Entrada de VulDB	355040 [UCC CampusConnect App hasta 14.3.5 en Android campusconnect.ucc BuildConfig.java cifrado débil]
Puntos	17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!