Description
In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 7.1.3
cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*
EPSS
- Score: 0.00327 (Low)
- Percentile: 55%
CVSS
- CVSS3: 7.6 High
- CVSS3: 6.5 Medium
- CVSS2: 4 Medium
Weaknesses
CWE-598
CWE-200
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.