CVE-2022-40036: Improper Authorization In /adminGetUserList · Issue #5 · rawchen/blog-ssm

An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.


[Suggested description]

blog-ssm v1.0 was found to contain an unauthorized access vulnerability through the component /adminGetUserList. This vulnerability allows an attacker to obtain sensitive user information by bypassing permission checks.

[Vulnerability Type]

Improper Authorization of Index Containing Sensitive Information

[Vendor of Product]

https://github.com/rawchen/blog-ssm

[Affected Product Code Base]

1.0

[Affected Component]

blog-ssm 1.0

OS: Windows/Linux/macOS

Browser: Chrome, Firefox, Safari

[Attack Vector]

Step 1: A code audit found that /adminGetUserList had no authorization check and exported sensitive user information, such as account names and passwords.

Step 2: Register an account (username: text123, password: 123456).

Step 3: Log in with the account just registered and request /adminGetUserList to obtain sensitive information such as passwords.
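The root cause described above is a missing authorization check: any logged-in session, including a freshly self-registered one, can reach an admin-only endpoint. The Java below is an added example of how such a check is typically enforced in a Spring MVC (SSM) application; it is not code from rawchen/blog-ssm. The session attribute name `role`, the value `admin`, the `/admin*` URL patterns and the use of Spring 5+ (where `HandlerInterceptor` has default methods) are assumptions.

```java
// Added example, not part of rawchen/blog-ssm: a Spring MVC HandlerInterceptor that
// rejects non-admin sessions before any /admin* controller runs. Session attribute
// "role", the value "admin" and the URL patterns are assumptions.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

public class AdminAuthInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // getSession(false) never creates a session, so an unauthenticated caller yields null.
        HttpSession session = request.getSession(false);
        Object role = session == null ? null : session.getAttribute("role");

        // Authentication (holding a session) is not authorization: the self-registered
        // account from the advisory is logged in but must still be refused here.
        if (!"admin".equals(role)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false; // stop the handler chain; the controller method never executes
        }
        return true;
    }

    // Registration by URL pattern: every present and future /adminXxx handler is covered
    // by one rule, instead of relying on each controller method to remember its own check.
    @Configuration
    @EnableWebMvc
    public static class AdminAuthConfig implements WebMvcConfigurer {
        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            registry.addInterceptor(new AdminAuthInterceptor())
                    .addPathPatterns("/admin*", "/admin/**");
        }
    }
}
```

Two follow-ups belong with this fix in review: the interceptor has to be registered in the application's own MVC configuration (an XML-configured SSM project would use `<mvc:interceptors>` instead of the `WebMvcConfigurer` shown here), and the user-list response should be built from a DTO that simply has no password field, so that even an authorized admin call never serialises credentials.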

[Attack Type]

Remote

[Impact Code execution]

False

[Reference(s)]

https://cwe.mitre.org/data/definitions/285.html
