CVE-2021-46371
published 2022-02-14


Priority: P3 (54) · Severity: high · CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Tags: EXPLOIT
EPSS: 4.42% (90.1th percentile)
antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to some interfaces in the foreground leads to leakage of sensitive information.

Affected (1 range)

Vendor              | Product     | Version range | Fixed in
antd-admin_project  | antd-admin  |               |

Detection & IOCs (extracted from sources)

URL: /api/v1/users
Other: fofa-query: 'body="/@@/devScripts.js" && body="//! umi version:" && body="/umi.js"'
Other: shodan-query: html:"/umi.js" html:"@@/devScripts.js"
  • Unauthenticated GET request to /api/v1/users returning HTTP 200 with a JSON body containing user PII fields indicates successful exploitation of the broken access control vulnerability.
  • Response body containing the strings 'email":', 'data":[{"id":', and 'phone":"' together with Content-Type application/json and HTTP 200 confirms sensitive data leakage via the unauthenticated API endpoint.
  • Identify exposed antd-admin 5.5.0 instances via FOFA by searching for the body strings '/@@/devScripts.js', '//! umi version:', and '/umi.js' simultaneously.
  • Identify exposed antd-admin instances via Shodan by searching for HTML responses containing '/umi.js' and '@@/devScripts.js'.
  • The vulnerability is specific to antd-admin version 5.5.0; other versions may not be affected.
  • The access control bypass is in the foreground/front-end interfaces, not a backend authentication bypass; detection should focus on unauthenticated access to API endpoints.

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v2.0: 5.0 MEDIUM, vector AV:N/AC:L/Au:N/C:P/I:N/A:N