Vulnerability Detail Report
Vulnerability Overview
- ZDID: ZD-2022-00945
- Vendor: 群傳媒股份有限公司
- Title: Readmoo GitHub Org source-code write and admin permissions
- Introduction: GitHub API token leaked, carrying the repo, workflow and write:packages scopes
Handling Status
Current Status
Public
Last Update : 2023/01/15
Handling History
- 2022/11/15 00:39:18 : Newly submitted (status updated by dlackty)
- 2022/11/19 23:42:53 : Review completed (status updated by the HITCON ZeroDay service team)
- 2022/12/01 12:09:33 : Notified, no response (status updated by the HITCON ZeroDay service team)
- 2022/12/01 12:09:33 : Review completed (status updated by the HITCON ZeroDay service team)
- 2022/12/01 12:09:33 : Notified, no response (status updated by the HITCON ZeroDay service team)
- 2023/01/15 03:00:02 : Public (updated automatically by the HITCON ZeroDay platform)
Details
- ZDID: ZD-2022-00945
- Reporter: dlackty (dlackty)
- Risk: Critical
- Type: Information Leakage
References
An attacker can use the leaked information to carry out further attacks.
OWASP vulnerability description (Top 10 2017 - A3 Sensitive Data Exposure)
https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure
CWE-200 vulnerability description
https://cwe.mitre.org/data/definitions/200.html
(This field is generated automatically by the system from the vulnerability category, as reference material.)
Related URLs
https://github.com/eCrowdMedia/App-Icon-Font
https://github.com/eCrowdMedia/App-Design
https://github.com/eCrowdMedia/PassionFruit
https://github.com/eCrowdMedia/Caterpillar
https://github.com/eCrowdMedia/audiobook-tools
https://github.com/eCrowdMedia/Hadean
https://github.com/eCrowdMedia/Tiramisu
https://github.com/eCrowdMedia/Issues
https://github.com/eCrowdMedia/VisionG3-hardware
https://github.com/eCrowdMedia/Experiment
https://github.com/eCrowdMedia/pp1
https://github.com/eCrowdMedia/dps_node-mw-usb-initiator
https://github.com/eCrowdMedia/dps_node-mw-file-transfer
https://github.com/eCrowdMedia/dps_node-mw-reg-ctrl
https://github.com/eCrowdMedia/dps_node-mw-error
https://github.com/eCrowdMedia/dps_node-mw-conn-selector
https://github.com/eCrowdMedia/dps_node-mw-conn-ctrl
https://github.com/eCrowdMedia/dps_node-mw-automagic-client
https://github.com/eCrowdMedia/dps_node-mw-auto-bt-pan-connector
https://github.com/eCrowdMedia/Galao_Images
https://github.com/eCrowdMedia/mooInk
https://github.com/eCrowdMedia/Thoth
https://github.com/eCrowdMedia/Martini
https://github.com/eCrowdMedia/Ukulele
https://github.com/eCrowdMedia/owl
https://github.com/eCrowdMedia/flutter_readmoo_login
https://github.com/eCrowdMedia/flutter_readmoo_ui
https://github.com/eCrowdMedia/Vision-frameworks
https://github.com/eCrowdMedia/ShareApp_Android
https://github.com/eCrowdMedia/reciter
https://github.com/eCrowdMedia/DigitalPaperAPP-PC
https://github.com/eCrowdMedia/flutter_feedback_to_readmoo
https://github.com/eCrowdMedia/mooInkPlus2
https://github.com/eCrowdMedia/VisionG3-frameworks
https://github.com/eCrowdMedia/bonjour
https://github.com/eCrowdMedia/Deploy
https://github.com/eCrowdMedia/VisionG3-external
https://github.com/eCrowdMedia/Bisheng
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-capas-Setting
https://github.com/eCrowdMedia/Galao
https://github.com/eCrowdMedia/Services
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-apps-DigitalPaperApp
https://github.com/eCrowdMedia/Vision-vendor
https://github.com/eCrowdMedia/Persuader
https://github.com/eCrowdMedia/Common
https://github.com/eCrowdMedia/Vision
https://github.com/eCrowdMedia/Melange
https://github.com/eCrowdMedia/Worker
https://github.com/eCrowdMedia/VisionG3-vendor-readmoo-memo
https://github.com/eCrowdMedia/memo
https://github.com/eCrowdMedia/VisionG3-vendor-readmoo-reader
https://github.com/eCrowdMedia/Moose
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-capas
https://github.com/eCrowdMedia/VisionG3-system
https://github.com/eCrowdMedia/VisionG3-vendor-readmoo-ime
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-infras-EinkIME
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny
https://github.com/eCrowdMedia/VisionG3-vendor
https://github.com/eCrowdMedia/VisionG3-frameworks-base
https://github.com/eCrowdMedia/VisionG3-device-fsl
https://github.com/eCrowdMedia/VisionG3-build
https://github.com/eCrowdMedia/VisionG3-packages
https://github.com/eCrowdMedia/Lagom
https://github.com/eCrowdMedia/VisionG3-vendor-nxp-opensource-kernel_imx
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-infras
https://github.com/eCrowdMedia/VisionG3-EInkIME
https://github.com/eCrowdMedia/Ebook
https://github.com/eCrowdMedia/DigitalPaperIOS
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-apps-AppLauncher
https://github.com/eCrowdMedia/Readmoo-Desktop
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-apps-DocumentBrowser
https://github.com/eCrowdMedia/WordPress
https://github.com/eCrowdMedia/Read-SPA
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-apps-NoteCreator
https://github.com/eCrowdMedia/VisionG3-vendor-readmoo-dict
https://github.com/eCrowdMedia/VisionG3-manifest
https://github.com/eCrowdMedia/VisionG3-vendor-readmoo
https://github.com/eCrowdMedia/VisionG3-frameworks-native
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-tools
https://github.com/eCrowdMedia/Getty
https://github.com/eCrowdMedia/DigitalPaperMacAPP
https://github.com/eCrowdMedia/VisionG3-buildscripts
https://github.com/eCrowdMedia/VisionG3-vendor-nxp-opensource-uboot-imx
https://github.com/eCrowdMedia/Galao-resources
https://github.com/eCrowdMedia/Docker-Galao
https://github.com/eCrowdMedia/VisionG3
https://github.com/eCrowdMedia/VisionG3-prebuilts-abi-dumps-vndk
https://github.com/eCrowdMedia/VisionG3-aarch64-buildroot-linux-uclibc
https://github.com/eCrowdMedia/VisionG3-art
https://github.com/eCrowdMedia/VisionG3-libcore
https://github.com/eCrowdMedia/VisionG3-bionic
https://github.com/eCrowdMedia/VisionG3-device
https://github.com/eCrowdMedia/VisionG3-pdk
https://github.com/eCrowdMedia/VisionG3-toolchain
https://github.com/eCrowdMedia/VisionG3-vendor-linfiny-apps-DigitalPaperAppGateway
https://github.com/eCrowdMedia/mooInkOTA
https://github.com/eCrowdMedia/API_Test
https://github.com/eCrowdMedia/Lambda
https://github.com/eCrowdMedia/DigitalPaperAndroid
https://github.com/eCrowdMedia/pp1-prebuilts
https://github.com/eCrowdMedia/Honeybees
https://github.com/eCrowdMedia/MailMonkey
https://github.com/eCrowdMedia/Readmoo-Windows
https://github.com/eCrowdMedia/DigitalPaperWindowsInstaller
https://github.com/eCrowdMedia/DP-FolderList
https://github.com/eCrowdMedia/DigitalPaperWindowsDriver
https://github.com/eCrowdMedia/PassionFruitDemo
https://github.com/eCrowdMedia/DigitalPaperDesktopAPP
https://github.com/eCrowdMedia/campaign
https://github.com/eCrowdMedia/KingCrimson
https://github.com/eCrowdMedia/HighlightTesting
https://github.com/eCrowdMedia/Vision-packages
https://github.com/eCrowdMedia/pdf2svg
https://github.com/eCrowdMedia/Vision-kernel
https://github.com/eCrowdMedia/pp1-frameworks
https://github.com/eCrowdMedia/pp1-packages
https://github.com/eCrowdMedia/pp1-external
https://github.com/eCrowdMedia/pp1-kernel_imx
https://github.com/eCrowdMedia/Vision-external
https://github.com/eCrowdMedia/Martini-static
https://github.com/eCrowdMedia/pyEbook3
https://github.com/eCrowdMedia/Vision-build-script
https://github.com/eCrowdMedia/Vision-prebuilts
https://github.com/eCrowdMedia/MooReaderAndroid
https://github.com/eCrowdMedia/mooReader_iOS_Hybrid
https://github.com/eCrowdMedia/EInkWaveformExample
https://github.com/eCrowdMedia/Docker-Worker
https://github.com/eCrowdMedia/Docker-Services
https://github.com/eCrowdMedia/Writemoo_iOS
https://github.com/eCrowdMedia/Writemoo_Android
https://github.com/eCrowdMedia/App_Helper
https://github.com/eCrowdMedia/Hemingway
https://github.com/eCrowdMedia/node-webkit-app
https://github.com/eCrowdMedia/Readium
https://github.com/eCrowdMedia/MooReader
https://github.com/eCrowdMedia/share-extension
https://github.com/eCrowdMedia/ShareApp_iOS
Description
Download the macOS app from the official website; inside the downloaded DMG, the plaintext API token can be found at the following path: Readmoo看書.app/Contents/Resources/app-update.yml
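A pre-release check for this class of leak, added here as an example (it is not part of the report or of the vendor's tooling): it scans the manifest path named above for a shipped credential before the app bundle is packaged. It assumes app-update.yml is a flat `key: value` file and that the token uses current GitHub token prefixes (`ghp_`, `gho_`, `ghu_`, `ghs_`, `ghr_`, `github_pat_`); the sample manifest and its token value are constructed placeholders.

```python
import re
from pathlib import Path

# Constructed sample in the shape of an update manifest; the token is a placeholder.
SAMPLE_APP_UPDATE_YML = """\
provider: github
owner: example-org
repo: example-desktop
token: ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE0000
updaterCacheDirName: example-desktop-updater
"""

# Assumed GitHub token prefixes (classic PAT, OAuth, user/server, refresh, fine-grained PAT).
GITHUB_TOKEN_RE = re.compile(r"(?:gh[pousr]_[A-Za-z0-9]{30,}|github_pat_[A-Za-z0-9_]{20,})")
# Keys that should never carry a literal credential in a shipped update manifest.
SECRET_KEYS = {"token", "password", "secret", "privateKey"}

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; the manifest is assumed to have no nesting."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        entries[key.strip()] = value.strip().strip("'\"")
    return entries

def find_secrets(text):
    """Return (key, redacted value, reason) for each entry that looks like a credential."""
    findings = []
    for key, value in parse_flat_yaml(text).items():
        if not value:
            continue
        if key in SECRET_KEYS:
            findings.append((key, value[:4] + "...", "secret-named key"))
        elif GITHUB_TOKEN_RE.fullmatch(value):
            findings.append((key, value[:4] + "...", "GitHub token format"))
    return findings

def scan_app_bundle(app_dir):
    """Check <App>.app/Contents/Resources/app-update.yml, the path the report names."""
    manifest = Path(app_dir) / "Contents" / "Resources" / "app-update.yml"
    if not manifest.is_file():
        return []
    return find_secrets(manifest.read_text(encoding="utf-8"))
```

`find_secrets(SAMPLE_APP_UPDATE_YML)` flags the `token` entry with its value redacted; `scan_app_bundle` takes the path of an extracted `.app` directory so the check can run in CI before the DMG is built.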