Описание
Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore.
Additional Information:
1.The issue was identified during routine security testing.
2.This vulnerability poses a significant risk to user privacy and data security.
3.Urgent action is recommended to mitigate this vulnerability and protect user data from unauthorized access.
Пакеты
Наименование
leantime/leantime
composer
Затронутые версииВерсия исправления
< 3.3
3.3
5.7 Medium
CVSS4
Дефекты
CWE-522
5.7 Medium
CVSS4
Дефекты
CWE-522