CloudEdge Configuration Center Information Disclosure Vulnerability

Summary :

The CloudEdge Configuration Center exposes a limited amount of configuration information.

CVSS (Base Score):

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attackers can discover externally exposed configuration center ports through network scanning and directly access application configuration data.

This issue may expose 11 items of configuration information.

This vulnerability affects a limited subset of application configuration data in the CloudEdge Configuration Center service.

The exposed configuration data has been corrected, and public network access to the affected service ports has been restricted.

Acknowledgment

We thank Sammy Azdoufal for valuable assistance in discovering this vulnerability and coordinating responsible disclosure.