← voltar
CVE-2026-56302

Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security

CVSS 6.9 MEDIUMEPSS 0.2%CWE-284
Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Capgo · Capgo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Cap-go/capgo/security/advisories/GHSA-8hq3-gg3m-vwvrhttps://www.vulncheck.com/advisories/capgo-unsecured-supabase-images-bucket-via-missing-row-level-security