漏洞描述
swagger-ui存在未授权访问漏洞,会泄露API接口信息,存在一定安全隐患。
swagger-ui未授权访问
PoC代码
暂无相关漏洞推荐
- Swagger-UI-XSS: 3.14.1<=Swagger-UI-XSS< 3.38.0
- Exrick Xboot Swagger SecurityController.java服务器端请求伪造(CVE-2025-8527)
- AJ-Report /;swagger-ui/dataSource/pageList SQL 注入漏洞(CVE-2024-5350)
- POC CVE-2018-25031: Swagger UI < 3.38.0 - Cross-Site Scripting
- POC CVE-2025-8191: Swagger UI >=3.14.1 < 3.38.0 - DOM Based Cross-Site Scripting
- POC CVE-2022-0381: WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
- POC CVE-2024-22207: Fastify Swagger-UI - Information Disclosure
- POC jeecgboot-swagger: JeecgBoot 后台服务 API 接口文档
- POC swagger-disclosure: Public Swagger API Desclosure
- 满客宝后台管理系统 /warehouse/api/v1/provider/swagger/../downloadProviderFile 文件读取漏洞
- Apache Pinot 存在swagger-ui未授权访问漏洞
- Nexus-Repository swagger.json 未授权访问漏洞
- 亚信安全零信任访问控制系统 swagger 未授权访问漏洞