Primary

Context

production_ssm Incorrect Access Control Vulnerability Allowing Information Leakage

Vulnerability

A vulnerability exists in production_ssm version 0.0.1-SNAPSHOT due to incorrect access control in the '/user/list' component. This flaw allows attackers to access sensitive information by sending a crafted payload, bypassing authentication requirements.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to the '/user/list' API endpoint without proper authentication. The request will be denied. However, by manipulating the request to include the payload '/ajaxLogin;/../user/list', authentication can be bypassed, allowing access to the sensitive information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

production_ssm Incorrect Access Control Vulnerability Allowing Information Leakage

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating