Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*
Vulnerability Description
Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to distinguish valid job IDs from invalid ones and generate sustained unauthenticated traffic for resource consumption.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
Capgo 信息泄露漏洞
Vulnerability Description
Capgo是CAPGO公司的一个专为CapacitorJS开发者打造的移动应用开发和更新平台。 Capgo 12.128.2之前版本存在信息泄露漏洞,该漏洞源于OPTIONS /build/upload/:jobId/*端点存在可观察的响应差异,可能导致未经身份验证的攻击者枚举有效的构建器作业ID并生成持续的未经身份验证的流量以消耗资源。
CVSS Information
N/A
Vulnerability Type
N/A