PT-2024-21962 · Alldata · Alldata

Raybye · Published 2024-04-02 · Updated 2024-07-11 · CVE-2024-27602

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Alldata version 0.4.6

Description

The issue is related to Incorrect Access Control, resulting in the leakage of many modules' interface documents. For example, the "/api/system/v2/api-docs" module is affected.

Recommendations

For Alldata version 0.4.6, consider restricting access to the "/api/system/v2/api-docs" module to minimize the risk of exploitation. Additionally, review and secure all interface documents to prevent further leaks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2024-27602

Affected Products

Alldata