← volver
CVE-2026-56316

Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*

CVSS 6.9 MEDIUMEPSS 0.2%CWE-203
Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to distinguish valid job IDs from invalid ones and generate sustained unauthenticated traffic for resource consumption.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Cap-go · capgo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Cap-go/capgo/security/advisories/GHSA-9c2x-7h5x-37gmhttps://www.vulncheck.com/advisories/cap-go-job-existence-oracle-via-unauthenticated-options-build-upload-jobid