漏洞描述
<span style="color: rgb(48, 49, 51);">未授权的访问者可以查看目标系统中部分敏感信息,造成目标数据的泄漏。</span>
关于U8cloud系统存在Uclient端Token泄露导致未授权访问漏洞的安全公告
PoC代码
暂无相关漏洞推荐
- 关于U8cloud所有版本存在反序列化漏洞的安全公告
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- POC CVE-2025-55190: ArgoCD Project API Token Repository Credentials Exposure
- (CVE-2025-62712) JumpServer ConnectionToken 权限验证不当漏洞
- 用友 U8 cloud nc.itf.uap.pfxx.IPFxxFileService 存在任意文件上传漏洞
- POC CVE-2025-6216: Allegra - Authentication Bypass via Predictable Password Reset Token
- POC CVE-2022-32430: Lin CMS Spring Boot - Default JWT Token
- POC CVE-2023-37266: CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token
- POC CVE-2023-4966: Citrix Bleed - Leaking Session Tokens
- POC CVE-2024-29868: Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation
- POC CVE-2025-53624: Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure
- POC xxl-job-default-token-bypass-rce: XXL-JOB 默认 accessToken 身份绕过漏洞
- POC file-enforce-server-tokens-prod: Enforce Apache2 ServerTokens Prod