Lucene search

Veracode Vulnerability DatabaseVERACODE:44079

HistoryOct 31, 2023 - 12:24 p.m.

Information Disclosure

2023-10-3112:24:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

codeigniter4

vulnerability

information leakage

error report

production environment

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

codeigniter4/framework is vulnerable to Information Disclosure. The vulnerability is due to displaying a detailed error report in production environment when an error or exception occurs. This can lead to leakage of confidential information.

CPENameOperatorVersion
codeigniter4/frameworklev4.4.0
codeigniter4/frameworklev4.4.0

CPE	Name	Operator	Version
	codeigniter4/framework	le	v4.4.0
	codeigniter4/framework	le	v4.4.0

References

codeigniter4.github.io/userguide/general/errors.html#error-reporting

github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563

github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for VERACODE:44079