Vulnerability Information
Vulnerability Title
umatiGateway's UI publicly accessible in provided docker-compose file
Vulnerability Description
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may be publicly accessible when umatiGateway is deployed with its provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall through its iptables-based rules for port forwarding.
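An added example, not part of the advisory or the umatiGateway project: a small Python check that flags Compose short-syntax port mappings published on anything other than a loopback address, which is the condition the commit above changes. The compose text, service names and image name are constructed placeholders, and only the short `ports:` syntax is handled.

```python
import ipaddress
import re
# Constructed compose text; service and image names are placeholders.
SAMPLE_COMPOSE = """\
services:
  gateway:
    image: example/gateway:placeholder
    ports:
      - "8080:8080"
  gateway-fixed:
    ports:
      - "127.0.0.1:8080:8080"
      - "[::1]:8081:8080/tcp"
      - 9000
"""

# Short syntax: [[IP:]HOST_PORT:]CONTAINER_PORT[/PROTO]
PORT_RE = re.compile(
    r"^(?:(?:\[(?P<ip6>[0-9a-fA-F:]+)\]|(?P<ip4>\d+(?:\.\d+){3})):)?"
    r"(?:(?P<host>\d+(?:-\d+)?):)?(?P<container>\d+(?:-\d+)?)(?:/\w+)?$"
)

def parse_port(spec):
    m = PORT_RE.match(spec.strip().strip("\"'"))
    if not m:
        raise ValueError(f"unsupported port mapping: {spec!r}")
    return {"host_ip": m["ip6"] or m["ip4"], "host_port": m["host"],
            "container_port": m["container"]}

def published_beyond_loopback(spec):
    # With no host IP, Docker by default binds the port on all interfaces.
    ip = parse_port(spec)["host_ip"]
    return ip is None or not ipaddress.ip_address(ip).is_loopback

def audit_compose(text):
    # Returns (line number, mapping) for each port not bound to loopback.
    findings, ports_indent = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped, indent = line.strip(), len(line) - len(line.lstrip())
        if stripped == "ports:":
            ports_indent = indent
        elif ports_indent is not None and stripped.startswith("- ") and indent >= ports_indent:
            if published_beyond_loopback(stripped[2:]):
                findings.append((lineno, stripped[2:].strip("\"'")))
        elif stripped:
            ports_indent = None
    return findings

if __name__ == "__main__":
    print(audit_compose(SAMPLE_COMPOSE))
```

A bare container port such as `9000` is flagged as well, because Docker then picks a host port and publishes it on all interfaces.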
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
Information Exposure
Vulnerability Title
umati Gateway Information Disclosure Vulnerability
Vulnerability Description
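umati Gateway is an open-source tool from umati that connects OPC UA servers with an MQTT broker using JSON messages. umati Gateway has an information disclosure vulnerability, which stems from the user interface allowing public access and may lead to the configuration being viewed and modified.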
CVSS Information
N/A
Vulnerability Type
N/A