Published: 24 Mar 2026
Source: github
Github: Not reviewed
CVSS4: 9.3
CVSS3: 9.1
Description
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-60949
- https://github.com/csprousers/csweb/commit/eba0b59a243390a1a4f9524cce6dbc0314bf0d91
- https://github.com/hx381/cspro-exploits
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-082-01.json
- https://www.cve.org/CVERecord?id=CVE-2025-60949
EPSS
Percentile: 13%
0.00043
Low
9.3 Critical
CVSS4
9.1 Critical
CVSS3
CVE ID
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 9.1
nvd
14 days ago
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.