CVE-2024-27602
📋 TL;DR
Alldata V0.4.6 has an incorrect access control vulnerability that leaks sensitive API documentation through unauthenticated endpoints like /api/system/v2/api-docs. This exposes internal system interfaces and potentially sensitive information to unauthorized users. Anyone running Alldata V0.4.6 is affected.
💻 Affected Systems
- Alldata
📦 What is this software?
Alldata by Alldata
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain complete understanding of internal APIs, enabling targeted attacks, data exfiltration, or full system compromise by exploiting documented endpoints.
Likely Case
Unauthorized access to API documentation reveals system architecture, potentially exposing sensitive endpoints, authentication mechanisms, and data structures.
If Mitigated
With proper access controls, only authenticated administrators can access API documentation, limiting exposure of system internals.
🎯 Exploit Status
Exploitation requires only HTTP requests to documented endpoints; the referenced gist provides specific vulnerable paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available; apply workarounds or upgrade to a fixed version if released.
🔧 Temporary Workarounds
Block Unauthenticated Access to API Docs
Configure the web server or application firewall to restrict access to /api/system/v2/api-docs and similar endpoints to authenticated users only.
# Example for nginx (blocks the path for every client; narrow with allow/deny rules if administrators still need it):
location ~ ^/api/system/v2/api-docs {
    deny all;
}
# Example for Apache (requires an AuthType/AuthUserFile or other auth provider to already be configured for this Location):
<Location "/api/system/v2/api-docs">
    Require valid-user
</Location>
Disable API Documentation Endpoints
Modify the application configuration to disable public exposure of API documentation interfaces.
# Check Alldata configuration files for API documentation settings and disable them
🧯 If You Can't Patch
- Implement network segmentation to isolate Alldata instances from untrusted networks.
- Deploy a web application firewall (WAF) with rules to block requests to known vulnerable endpoints.
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://<alldata-host>/api/system/v2/api-docs without authentication; if it returns API documentation, the system is vulnerable.
Check Version:
Check Alldata version in application interface or configuration files; vulnerable if V0.4.6.
Verify Fix Applied:
After applying workarounds, verify that accessing the same endpoint returns an access denied error or requires authentication.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to /api/system/v2/api-docs for requests carrying no session or authentication credentials
- Unusual access patterns to API documentation endpoints
Network Indicators:
- HTTP GET requests to /api/system/v2/api-docs without authentication headers
- Traffic spikes to API documentation paths
SIEM Query:
source="web_logs" AND uri_path="/api/system/v2/api-docs" AND http_status=200 AND NOT user_authenticated=true
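The log indicators and SIEM query above, applied to web-server logs as an added example (not part of the advisory): it assumes nginx "combined" format with one extra quoted field holding the Authorization header ("-" when absent), and the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample entries (not real traffic): combined log format plus a
# trailing quoted field for the Authorization header, "-" when the request had none.
SAMPLE_LOGS = """\
203.0.113.5 - - [12/Mar/2024:10:01:02 +0000] "GET /api/system/v2/api-docs HTTP/1.1" 200 48211 "-" "curl/8.4.0" "-"
203.0.113.5 - - [12/Mar/2024:10:01:03 +0000] "GET /api/system/v2/api-docs HTTP/1.1" 200 48211 "-" "curl/8.4.0" "-"
198.51.100.7 - admin [12/Mar/2024:10:02:10 +0000] "GET /api/system/v2/api-docs HTTP/1.1" 200 48211 "-" "Mozilla/5.0" "Bearer ***"
203.0.113.9 - - [12/Mar/2024:10:03:00 +0000] "GET /api/system/v2/api-docs HTTP/1.1" 403 162 "-" "python-requests/2.31" "-"
203.0.113.9 - - [12/Mar/2024:10:03:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-"
"""

# Parses: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "ua" "authorization"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)" "(?P<auth>[^"]*)"$'
)


def is_doc_path(path):
    """True for the advisory's endpoint and sibling API-documentation paths."""
    clean = path.split("?", 1)[0]
    return clean == "/api/system/v2/api-docs" or clean.endswith("/api-docs")


def find_unauth_doc_hits(log_text):
    """Return (ip, path, status) for every successful, unauthenticated request
    to an API documentation endpoint: the page's 'HTTP 200 without auth' indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        unauthenticated = m["user"] == "-" and m["auth"] == "-"
        if m["status"] == "200" and unauthenticated and is_doc_path(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


def hits_per_ip(hits):
    """Count hits by source address to surface repeated, scripted access."""
    return Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    for ip, n in hits_per_ip(find_unauth_doc_hits(SAMPLE_LOGS)).items():
        print(f"{ip}: {n} unauthenticated api-docs fetch(es) returned 200")
```

The authenticated request (line 3) and the 403 response (line 4) are not flagged, so after the workaround is applied the same script should report nothing.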