CVE-2020-29041

Опубликовано: 06 янв. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments.

Ссылки

https://blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-sesame-application-of-til-technologies/
Exploit
Third Party Advisory
https://blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sein-de-lapplication-web-sesame-de-til-technologies/
Exploit
Third Party Advisory
https://blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-sesame-application-of-til-technologies/
Exploit
Third Party Advisory
https://blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sein-de-lapplication-web-sesame-de-til-technologies/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sesame-system:web-sesame:2020.1.1.3375:*:*:*:*:*:*:*

EPSS

Процентиль: 72%

0.00704

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q949-6jcq-74v3

github

больше 3 лет назад