제출 #781757: CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure정보

제목CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure
설명The Android application campusconnect.ucc version 14.3.5 hardcodes an Uploadcare private key in campusconnect/BuildConfig.java . An unauthenticated attacker who obtains this key can directly invoke the Uploadcare API to upload, list, download, and delete arbitrary files stored in the Uploadcare bucket. This may result in disclosure of sensitive information and permanent data loss. Additionally, an attacker could upload a malicious file to the Uploadcare service. If the affected website server subsequently downloads and processes that file, it could lead to remote code execution.
원천⚠️ https://www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Operations-and-Potential-RCE-in-campusc-3262de3f97fb8057bc67ec4320672d99?source=copy_link
사용자
 fxizenta (UID 28116)
제출2026. 03. 17. PM 01:48 (20 날 ago)
모더레이션2026. 04. 03. AM 12:08 (16 days later)
상태수락
VulDB 항목355040 [UCC CampusConnect App 까지 14.3.5 켜짐 Android campusconnect.ucc BuildConfig.java 약한 암호화]
포인트들17

이전개요다음

Do you know our Splunk app?

Download it now for free!