github.com/free5gc/free5gc is vulnerable to information disclosure. A remote unauthenticated attacker can acquire confidential information of UEs, subscribers and tenants via the webconsole
without authentication because it uses the default username Admin
, which can be used as a token header.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/free5gc/free5gc | le | v3.2.1 | |
github.com/free5gc/free5gc | le | v3.2.1 |