Описание
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.
EPSS
Процентиль: 17%
0.00054
Низкий
Дефекты
CWE-862
Связанные уязвимости
github
12 дней назад
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.
EPSS
Процентиль: 17%
0.00054
Низкий
Дефекты
CWE-862