| タイトル | CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure |
|---|
| 説明 | The Android application campusconnect.ucc version 14.3.5 hardcodes an Uploadcare private key in campusconnect/BuildConfig.java . An unauthenticated attacker who obtains this key can directly invoke the Uploadcare API to upload, list, download, and delete arbitrary files stored in the Uploadcare bucket. This may result in disclosure of sensitive information and permanent data loss. Additionally, an attacker could upload a malicious file to the Uploadcare service. If the affected website server subsequently downloads and processes that file, it could lead to remote code execution. |
|---|
| ソース | ⚠️ https://www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Operations-and-Potential-RCE-in-campusc-3262de3f97fb8057bc67ec4320672d99?source=copy_link |
|---|
| ユーザー | fxizenta (UID 28116) |
|---|
| 送信 | 2026年03月17日 13:48 (21 日 ago) |
|---|
| モデレーション | 2026年04月03日 00:08 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355040 [UCC CampusConnect App 迄 14.3.5 上 Android campusconnect.ucc BuildConfig.java 弱い暗号化] |
|---|
| ポイント | 17 |
|---|