Veracode Vulnerability DatabaseVERACODE:43912Information Disclosure
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
20.2%
bunkum is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Bunkum application. This request would cause the application to release a token from its cache, and then immediately reuse the token. The attacker could then use the released token to authenticate to the application and gain access to sensitive information.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
20.2%