CVE-2021-46371
published 2022-02-14CVE-2021-46371: antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of…
PriorityP354high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
4.42%
90.1th percentile
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| antd-admin_project | antd-admin | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Unauthenticated GET request to /api/v1/users returning HTTP 200 with JSON body containing user PII fields indicates successful exploitation of the broken access control vulnerability. ↗
- →Response body containing the strings 'email":', 'data":[{"id":', and 'phone":"' together with Content-Type application/json and HTTP 200 confirms sensitive data leakage via the unauthenticated API endpoint. ↗
- →Identify exposed antd-admin 5.5.0 instances via FOFA by searching for body strings '/@@/devScripts.js', '//! umi version:', and '/umi.js' simultaneously. ↗
- →Identify exposed antd-admin instances via Shodan by searching for HTML responses containing '/umi.js' and '@@/devScripts.js'. ↗
- ·Vulnerability is specific to antd-admin version 5.5.0; other versions may not be affected. ↗
- ·The access control bypass is in the foreground/front-end interfaces, not a backend authentication bypass; detection should focus on unauthenticated access to API endpoints. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
AntD Admin - Sensitive Information Disclosure
nuclei·CVSS 7.5
CVE-2021-46371 [HIGH] AntD Admin - Sensitive Information Disclosure
AntD Admin - Sensitive Information Disclosure
AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user IDs, names, ages, phone numbers, addresses, and more.
Template:
id: CVE-2021-46371
info:
name: AntD Admin - Sensitive Information Disclosure
author: ritikchaddha
severity: high
description: |
AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of s
No writeups or analysis indexed.
2022-02-14
Published