Submit #429927: knightliao disconf 2.6.36 Improper Authentication

Title: knightliao disconf 2.6.36 Improper Authentication
Description: Disconf version 2.6.36 has improper permission management, allowing unauthorized users to access sensitive configuration information stored in the configuration center. Attackers can access /api/config/list without authentication to retrieve all the parameters and their values for a particular app in a particular env with a particular version.
Source: https://github.com/knightliao/disconf/issues/431
User: gaogaostone (UID 53740)
Submission: 10/23/2024 04:52 (2 years ago)
Moderation: 10/31/2024 16:58 (9 days later)
Status: Accepted
VulDB entry: 282633 [knightliao Disconf 2.6.36 Configuration Center /api/config/list improper authentication]
Points: 18