Description
Weblate wlc has insecure API key configuration
Impact
Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against a different server.
Patches
Workarounds
Remove unscoped key from wlc configuration. Only use URL-scoped keys in the [keys] sections.
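An added example (not part of the advisory or of wlc's own code) that audits a wlc configuration for the workaround above and removes the unscoped key. It assumes the legacy unscoped key is the `key` option of the `[weblate]` section and that `[keys]` maps the exact API URL to its key; the sample configuration is constructed and its hosts and key values are placeholders.

```python
import configparser
import io

# Constructed sample configuration; host and key values are placeholders.
SAMPLE_CONFIG = """\
[weblate]
url = https://weblate.example.org/api/
key = PLACEHOLDER_UNSCOPED_KEY

[keys]
https://other.example.net/api/ = PLACEHOLDER_SCOPED_KEY
"""

def _parse(text):
    # URLs are option names in [keys], so only "=" may act as a delimiter.
    parser = configparser.RawConfigParser(delimiters=("=",))
    parser.optionxform = str  # keep URL option names exactly as written
    parser.read_string(text)
    return parser

def audit(text, section="weblate", option="key"):
    """Return finding codes for a wlc configuration, never the key values."""
    parser = _parse(text)
    findings = []
    # Assumption: the unscoped key lives in [weblate] as "key".
    if parser.has_option(section, option):
        findings.append("unscoped-key")
    scoped = set(parser.options("keys")) if parser.has_section("keys") else set()
    url = parser.get(section, "url", fallback=None)
    # Assumption: a scoped key applies only when its URL matches exactly.
    if url is not None and url not in scoped:
        findings.append("no-scoped-key-for-default-url")
    return findings

def remove_unscoped_key(text, section="weblate", option="key"):
    """Return the configuration text with the unscoped key removed."""
    parser = _parse(text)
    if parser.has_section(section):
        parser.remove_option(section, option)
    out = io.StringIO()
    parser.write(out)
    return out.getvalue()

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(audit(remove_unscoped_key(SAMPLE_CONFIG)))
```

Rewriting the file through `configparser` drops comments, so review the output before replacing a real configuration file.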
References
This issue was reported to us by wh1zee via HackerOne.
Packages
wlc: affected < 1.17.0; fixed in 1.17.0
Related vulnerabilities
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.