free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
Summary An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to retrieve stored subscriber identifiers SUPI/IMSI with a single HTTP GET request requiring no parameters or credentials. Details The endpoint...