Detail
According to analysis and research, malicious attackers can use this unauthorized access vulnerability to obtain plaintext configuration information for Redis, MongoDB, RabbitMQ and other applications on the cloud without authorization, and can further use this configuration information to obtain sensitive data on the cloud. In addition, a Dapr Dashboard configured with the Actions option (v0.2.0 verified) can be closed by a malicious attacker without authorization, causing business interruption.
Example
Repair
Temporary Mitigation: Strict whitelist access controls can be applied to affected assets.
Solution: Add login authentication for Dapr Dashboard.
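One way to apply the allow-list mitigation on Kubernetes, as an added example that is not part of the original report or the Dapr project: a NetworkPolicy that lets only an authenticating reverse proxy reach the dashboard pods. The namespace `dapr-system`, the pod label `app: dapr-dashboard` and port 8080 are assumptions to verify against your deployment, and the `auth-proxy` namespace and label are hypothetical.

```yaml
# Added example. Assumed values, verify before applying:
#   namespace dapr-system, pod label app=dapr-dashboard, container port 8080
#   (check with: kubectl get pods -n dapr-system --show-labels)
# Hypothetical: an authenticating reverse proxy running in namespace "auth-proxy"
#   with pod label app=auth-proxy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dapr-dashboard-allowlist
  namespace: dapr-system
spec:
  # Select only the dashboard pods; other Dapr components are unaffected.
  podSelector:
    matchLabels:
      app: dapr-dashboard
  # Once a pod is selected for Ingress, all traffic not listed below is dropped.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the same list item are ANDed:
        # the source must be an auth-proxy pod inside the auth-proxy namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: auth-proxy
          podSelector:
            matchLabels:
              app: auth-proxy
      ports:
        - protocol: TCP
          port: 8080
```

The policy only takes effect when the cluster's network plugin enforces NetworkPolicy, and the dashboard Service should stay of type ClusterIP so that the proxy is the only externally reachable path.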