Impact
The gateway filter of CloudExplorer Lite matches controller paths with a path.startsWith check against /api/, which can cause a permission bypass.
The reproduction steps are as follows:
1. The gateway filter matches controller paths with path.startsWith against /api.
2. This can lead to unauthorized access, for example: https://cloudexplorer-lite-demo.fit2cloud.com/api/menus
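The pattern described above, shown as a simplified model beside a stricter check. This is an added example, not CloudExplorer Lite code or its v1.4.1 fix. It assumes the prefix match decides which requests skip the token check; the class name, method names and the public routes /api/login and /api/health are hypothetical.

```java
import java.net.URI;
import java.util.Set;

// Added illustration, not CloudExplorer Lite code. Assumption: the gateway
// decides from the request path alone whether the token check can be skipped.
public class GatewayPathCheck {

    // Hypothetical routes that are meant to be reachable without a session.
    static final Set<String> PUBLIC_ROUTES = Set.of("/api/login", "/api/health");

    // Weak pattern: one broad prefix stands in for "does not need a token",
    // so every controller under /api inherits the exemption.
    static boolean skipsAuthByPrefix(String path) {
        return path.startsWith("/api");
    }

    // Stricter pattern: normalize first, then require an exact match against
    // an explicit allowlist. Anything else falls through to the token check.
    static boolean skipsAuthByAllowlist(String rawPath) {
        String path;
        try {
            path = URI.create(rawPath).normalize().getPath();
        } catch (IllegalArgumentException e) {
            return false; // unparsable path: never exempt
        }
        if (path == null) {
            return false;
        }
        // Treat "/api/login/" and "/api/login" as the same route.
        if (path.length() > 1 && path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        return PUBLIC_ROUTES.contains(path);
    }

    public static void main(String[] args) {
        // Constructed sample paths; /api/menus is the one named in the advisory.
        String[] samples = {"/api/login", "/api/login/", "/api/health", "/api/menus"};
        for (String p : samples) {
            System.out.printf("%-14s prefix=%-5b allowlist=%b%n",
                    p, skipsAuthByPrefix(p), skipsAuthByAllowlist(p));
        }
    }
}
```

With the prefix rule every sample path is exempt from the token check, including /api/menus; with the allowlist only the two listed routes are, and /api/menus is left to the authentication step.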
Patches
The vulnerability has been fixed in v1.4.1.
Workarounds
It is recommended to upgrade to v1.4.1.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
Email us at xin.bai@fit2cloud.com