GHSA-2w6m-q946-399r

Suggest an improvement
Source
https://github.com/advisories/GHSA-2w6m-q946-399r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-2w6m-q946-399r/GHSA-2w6m-q946-399r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2w6m-q946-399r
Aliases
Published
2022-10-04T00:00:25Z
Modified
2024-08-21T16:28:34.847866Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Dapr Dashboard vulnerable to Incorrect Access Control
Details

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

Database specific 
{
    "nvd_published_at": "2022-10-03T13:15:00Z",
    "cwe_ids": [
        "CWE-306"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-04T21:59:06Z"
}
References

Affected packages

Go / github.com/dapr/dashboard

Package

Name
github.com/dapr/dashboard
View open source insights on deps.dev
Purl
pkg:golang/github.com/dapr/dashboard

Affected ranges

Type
SEMVER
Events
Introduced
0.1.0
Last affected
0.10.0