Описание
Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.
Ссылки
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.3.5 (исключая)
cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.0024
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-209
CWE-209
EPSS
Процентиль: 47%
0.0024
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-209
CWE-209