Lucene search
Veracode Vulnerability DatabaseVERACODE:31866HistoryAug 30, 2021 - 5:11 a.m.
Information Leakage
2021-08-3005:11:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
64.6%
cachethq/cachet is vulnerable to information leakage. Configuration values of the dotenv file, e.g. the application secret (APP_KEY) and various passwords (email, database, etc) are exposed in UpdateConfigCommandHandler due to the use of nested variables in the resulting dotenv configuration file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cachethq/cachet | eq | 2.4.x-dev | |
| cachethq/cachet | eq | 2.4.x-dev |
Related
nvd
nvd
CVE-2021-39174
2021-08-28 00:15:06
github
github
Cachet configuration leak
2021-08-30 16:11:43
cvelist
cvelist
CVE-2021-39174 Configuration leak
2021-08-27 23:25:08
osv
osv
Cachet configuration leak
2021-08-30 16:11:43
CVE-2021-39174
2021-08-28 00:15:06
cve
cve
CVE-2021-39174
2021-08-28 00:15:06
githubexploit
githubexploit
Exploit for Special Element Injection in Catchethq Catchet
2022-05-03 20:17:23
prion
prion
Default configuration
2021-08-28 00:15:00
sonarsource
sonarsource
Cachet 2.4: Code Execution via Laravel Configuration Injection
2021-09-21 00:00:00