Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-38817 PoC — Dapr Dashboard 访问控制错误漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Dapr%20Dashboard%20configurations%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20CVE-2022-38817.md
Associated Vulnerability
Title:Dapr Dashboard 访问控制错误漏洞 (CVE-2022-38817)
Description:Dapr Dashboard是Dapr开源的一个基于 Web 的 UI。允许用户查看本地或 Kubernetes 群集中运行的 Dapr 应用程序、组件和配置的信息、查看日志等。 Dapr Dashboard v0.1.0版本至v0.10.0版本存在安全漏洞,该漏洞源于存在不正确访问控制的问题,允许攻击者获取敏感数据。
File Snapshot

 # Dapr Dashboard configurations 未授权访问漏洞 CVE-2022-38817

## 漏洞描述

Dapr Dashboard 存在 未授权访问漏洞,在未经授权的情况下

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.