Key information

Vulnerability title:
- fastapiadmin <= 2.2.0 exposing sensitive system information to unauthorized entities

Vulnerability description:
- An information disclosure vulnerability in FastApiAdmin (<= 2.2.0) allows unauthorized users to access the OpenAPI specification and the API documentation pages due to exposed custom documentation endpoints without any authentication or authorization. This permits attackers to enumerate endpoints, parameters, and other metadata that can facilitate targeted attacks or sensitive information leaks.

Vulnerability source:
- https://github.com/CC-T454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1

Submitter:
- Anonymous User

Submission time:
- 2026-02-11 06:20 AM

Review time:
- 2026-02-22 04:09 PM

Status:
- Accepted

Vulnerability database entry:
- [237399] VApiAdmin up to 2.2.0 Custom Documentation Endpoint init_app.py reset_api_docs information disclosure

Score:
- 20