Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-44397: The gateway filter of CloudExplorer Lite uses a controller with path. startwith matching/API/, which can cause permission bypass

CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with matching/API/, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue.

CVE
Open in Source
#vulnerability#git#auth

Impact

The gateway filter of CloudExplorer Lite uses a controller with path. startwith matching/API/, which can cause permission bypass.

The reproduction steps are as follows:
1.The filter of the gateway uses a controller with path. startwith matching /api.
2.It can lead to unauthorized access, such as: https://cloudexplorer-lite-demo.fit2cloud.com/api/menus

Patches

The vulnerability has been fixed in v1.4.1.

Workarounds

It is recommended to upgrade the version to v1.4.1.

References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
Email us at [email protected]

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE