oss-sec mailing list archives
CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server
From: "bismy" <bismy () qq com>
Date: Wed, 31 Jan 2024 15:53:34 +0800
Affected versions: - Apache ServiceComb Service-Center through 2.1.0 Description: Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the issue. Credit: ?? ?? <suanwell () hotmail com> (finder) References: https://servicecomb.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-44312</suanwell () hotmail com>
Current thread:
- CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server bismy (Jan 31)