Submeter #781757: CampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposureinformação

TítuloCampusConnect™ UCC CampusConnect(campusconnect.ucc) 14.3.5 Uploadcare Private Key Exposure
DescriçãoThe Android application campusconnect.ucc version 14.3.5 hardcodes an Uploadcare private key in campusconnect/BuildConfig.java . An unauthenticated attacker who obtains this key can directly invoke the Uploadcare API to upload, list, download, and delete arbitrary files stored in the Uploadcare bucket. This may result in disclosure of sensitive information and permanent data loss. Additionally, an attacker could upload a malicious file to the Uploadcare service. If the affected website server subsequently downloads and processes that file, it could lead to remote code execution.
Fonte⚠️ https://www.notion.so/Uploadcare-Private-Key-Exposure-Leading-to-Unauthorized-File-Operations-and-Potential-RCE-in-campusc-3262de3f97fb8057bc67ec4320672d99?source=copy_link
Utilizador
 fxizenta (UID 28116)
Submissão17/03/2026 13h48 (há 20 dias)
Moderação03/04/2026 00h08 (16 days later)
EstadoAceite
Entrada VulDB355040 [UCC CampusConnect App até 14.3.5 em Android campusconnect.ucc BuildConfig.java Encriptação fraca]
Pontos17

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!