oss-sec mailing list archives

CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server

From: "bismy" <bismy () qq com>
Date: Wed, 31 Jan 2024 15:53:34 +0800

Affected versions:

- Apache ServiceComb Service-Center through 2.1.0

Description:

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects 
Apache ServiceComb Service-Center before 2.1.0 (include).

Users are recommended to upgrade to version 2.2.0, which fixes the issue.

Credit:

?? ?? <suanwell () hotmail com> (finder)

References:

https://servicecomb.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-44312</suanwell () hotmail com>

Current thread:

CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server bismy (Jan 31)