The DiscoveryService service can be accessed by all devices that are members of the discovery.discovery.external parameter group. It allows discovery clients to list available backups by providing a specially crafted request. An attacker can exploit this by sending a specially crafted request to the DiscoveryService service to get a list of all backups. The service can also be used to retrieve sensitive data from the backup by sending a specially crafted request. The data that can be retrieved depends on the backup schema version. For version 10.0.0.1 of the backup, the attacker can retrieve data from the backup as follows:

* Get information about the backup
* Get information about the backup copy
* Retrieve the data from the backup copy

Build information disclosure bug

An attacker can exploit this vulnerability by sending specially crafted requests to the DiscoveryService service to get information about the backup. For more information, see: https://www.redhat.com/archives/fedora-announce-list/2009-June/msg00022.html

Software Description

The DiscoveryService service is a RESTful interface that allows discovery clients to list backups by providing a specially crafted request. An attacker can exploit this by sending a specially crafted request to the DiscoveryService service to get a list of all backups. The service can also be used to retrieve sensitive data from the backup by sending specially crafted requests. For version 10.0.0.1 of the backup, the attacker can retrieve data from the backup as follows:

* Get information about the backup
* Retrieve data from the backup copy

DiscoveryService Service Details

The DiscoveryService service is used to list backups. It can be accessed by all devices that are members of the discovery.discovery.external parameter group. It allows discovery clients to list available backups by providing a specially crafted request. An attacker can exploit this by sending a specially crafted request to the DiscoveryService service to get a list of all backups. The service can also be used to retrieve sensitive data from the backup by sending a specially crafted request. The data that can be retrieved depends on the backup schema version. For version 10.0.0.1 of the backup, the attacker can retrieve data from the backup as follows:

* Get information about the backup
* Get information about the backup copy
* Retrieve the data from the backup copy

Bypass backup protection using DiscoveryService

A vulnerability has been discovered in the DiscoveryService service. DiscoveryService is a service that allows users to list available backups by providing specially crafted requests. The vulnerability exists when the DiscoveryService service is used to retrieve sensitive data from the backup. An attacker can exploit this by sending specially crafted requests to the DiscoveryService service to get a list of all backups. The vulnerability exists because of improper response handling by the DiscoveryService service.
The DiscoveryService service can be used to bypass backup protection using an attack vector similar to CVE-1912-47001.

Description

The following is a description of the DiscoveryService service.
The DiscoveryService service provides clients with a list of available backups on the device. An attacker can exploit this by sending a specially crafted request to the DiscoveryService service to get a list of all backups. The service can also be used to retrieve sensitive data from the backup by sending a specially crafted request.

Timeline

Published on: 10/03/2022 15:15:00 UTC
Last modified on: 10/04/2022 21:08:00 UTC
