漏洞
The ArcGIS Portal Directory REST API reveals user information and allows for user enumeration via the user resource endpoint, even when accessed anonymously.
| 漏洞 ID 编号 | BUG-000171101 |
|---|---|
| 已提交 | September 30, 2024 |
| 上次修改时间 | October 3, 2024 |
| 适用范围 | Portal for ArcGIS |
| 找到的版本 | 11.1 |
| 操作系统 | Windows Server |
| 操作系统版本 | 2022 |
| 状态 | As Designed |
附加信息
When the portal is configured to share content with the public, it is necessary to wait for anonymous users to decide whether they trust the content. One aspect of trust is knowing who shared that content. This means that it is necessary for anonymous users to know the names of users who are creating content, adding comments, etc. This is a security feature that is common in most products that share content with the public.重现步骤
漏洞 ID: BUG-000171101
软件:
- Portal for ArcGIS
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序