PT-2026-51778 · Cap Go · Cap-Go
Judel777 · Published 2026-06-24 · Updated 2026-06-24
CVE-2026-56310
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited to orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image url, role, and is tmp from organizations outside their assigned scope.
Fix
Improper Authorization
Weakness Enumeration
Related identifiers
Affected products
Cap-Go