Описание
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
EPSS
Процентиль: 40%
0.00187
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 9.8
github
4 месяца назад
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
EPSS
Процентиль: 40%
0.00187
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-284