Veracode Vulnerability Database, VERACODE:44983
History: Jan 09, 2024 - 6:36 a.m.

Information Disclosure

2024-01-09 06:36:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: pyload-ng, unauthenticated, information disclosure, vulnerability, authorization, authentication, exploited, flask configurations, secret_key, sensitive information

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.118 Low (Percentile: 95.4%)

pyload-ng is vulnerable to Unauthenticated Information Disclosure. The vulnerability is due to improper authorization and authentication checks. An attacker can exploit this issue to disclose sensitive information such as Flask configurations, which include the SECRET_KEY variable.
