exploitDog

GHSA-829c-jpvx-vfrv

Опубликовано: 19 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.6

Описание

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

Ссылки

EPSS

Процентиль: 17%

0.00054

Низкий

8.6 High

CVSS4

CVE ID

Дефекты

CWE-359

Связанные уязвимости

CVE-2025-13008

nvd

около 2 месяцев назад

An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

EPSS

Процентиль: 17%

0.00054

Низкий

8.6 High

CVSS4

CVE ID

Дефекты

CWE-359