漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Capgo - Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC
Vulnerability Description
Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information including MAU, bandwidth, storage, and build time limits for any organization.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
Capgo 授权问题漏洞
Vulnerability Description
Capgo是CAPGO公司的一个专为CapacitorJS开发者打造的移动应用开发和更新平台。 Capgo 12.128.2之前版本存在授权问题漏洞,该漏洞源于public.get_current_plan_max_org RPC函数中存在授权绕过,可能导致未经身份验证的攻击者检索任意组织计划限制。
CVSS Information
N/A
Vulnerability Type
N/A