GHSA-2237-5r9w-vm8j

Published: 07 Feb 2025
Source: github
Github: Reviewed
CVSS4: 8.7

Description

Connect-CMS information that is restricted to viewing is visible

Impact

  • In the results of a site search, information that is restricted from viewing (※) can still be viewed via the main text (a feature added in v1.8.0).
    • Impact by version
      • v1.8.0 ~ v1.8.3: It will be displayed in the text.
      • v1.8.0 and earlier: It will not be displayed in the body of the text, but the title (frame name) will be displayed with a link.
    • (※) Viewing restriction functions concerned
      • Frame publishing function (private, limited publishing)
      • IP Restriction Page
      • Password setting page

Patches (fixed version)

  • Apply v1.8.4.

Workarounds

  • Remove the site search (e.g. hide frames).

References

none

Packages

Name: opensource-workshop/connect-cms (composer)
Affected versions: <= 1.8.3
Fixed version: 1.8.4

CVSS4: 8.7 High

Weaknesses

CWE-200
