提出 #745517: yeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls情報

タイトルyeqifu warehouse latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls
説明Log viewing and deletion endpoints have no authorization checks. Attackers can access or erase login audit logs, which undermines forensic visibility and allows malicious activity to be hidden. This breaks compliance and incident response workflows, enables attackers to cover tracks after privilege escalation, and prevents administrators from detecting brute‑force attempts, suspicious IPs, or abnormal access patterns.
ソース⚠️ https://github.com/yeqifu/warehouse/issues/59
ユーザー
 AliceS614 (UID 94277)
送信2026年01月23日 10:51 (5 月 ago)
モデレーション2026年02月06日 15:16 (14 days later)
ステータス承諾済み
VulDBエントリ344683 [yeqifu warehouse 迄 aaf29962ba407d22d991781de28796ee7b4670e4 Log Info LoginfoController.java loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo 特権昇格]
ポイント19

概要

Want to know what is going to be exploited?

We predict KEV entries!