CVE-2024-3928 – Dromara open-capacity-platform auth-server heapdump information disclosure

https://notcve.org/view.php?id=CVE-2024-3928

A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. • https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main https://vuldb.com/?ctiid.261367 https://vuldb.com/?id.261367 https://vuldb.com/?submit.313847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •