Описание
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.9.1 (включая)Версия до 3.9.1 (включая)Версия до 3.9.1 (включая)Версия до 3.9.1 (включая)
Одно из
cpe:2.3:a:heinekingmedia:stashcat:*:*:*:*:*:android:*:*
cpe:2.3:a:heinekingmedia:stashcat:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:heinekingmedia:stashcat:*:*:*:*:*:macos:*:*
cpe:2.3:a:heinekingmedia:stashcat:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 61%
0.00423
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
около 3 лет назад
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs.
EPSS
Процентиль: 61%
0.00423
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-200