| Titolo | https://gitee.com/dromara/open-capacity-platform open-capacity-platform v2.0.1 Security Misconfiguration |
|---|
| Descrizione | ocp(open-capacity-platform) is an enterprise microservice framework based on layui+springcloud (user rights management, Configuration center management, application management,....). Its core design goal is to separate the front and back end, rapid development and deployment, simple learning, powerful, to provide fast access to the core interface capabilities, its goal is to help enterprises build a set of similar Baidu ability open platform framework.
The auth-server component of ocp has a security configuration vulnerability. It can access all actuator terminals, including dangerous ports such as heapdump, which exposes sensitive information. |
|---|
| Fonte | ⚠️ https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main |
|---|
| Utente | ggfzx (UID 67509) |
|---|
| Sottomissione | 10/04/2024 06:27 (2 anni fa) |
|---|
| Moderazione | 17/04/2024 18:46 (8 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 261367 [Dromara open-capacity-platform 2.0.1 auth-server /actuator/heapdump rivelazione di informazioni] |
|---|
| Punti | 20 |
|---|