CVE-2024-3928 – Dromara open-capacity-platform auth-server heapdump information disclosure

https://notcve.org/view.php?id=CVE-2024-3928

17 Apr 2024 — A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. • https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •