PT-2023-24669 · Unknown · Hoppscotch

Webysther · Published 2023-06-05 · Updated 2023-06-13 · CVE-2023-34097

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

hoppscotch versions prior to 2023.4.5

Description

The issue concerns the exposure of the database password in system logs when the database connection string is displayed. This could allow attackers with access to system logs to elevate their privileges and gain full access to the database.

Recommendations

For versions prior to 2023.4.5, upgrade to version 2023.4.5 or later to resolve the issue. As a temporary mitigation measure, consider restricting access to system logs to minimize the risk of exploitation.
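The weakness class described above (a connection string written to a log with its password intact) can be checked for and neutralised at the logging boundary. The following is an added example, not code from Hoppscotch or from this advisory; it assumes a URI-style connection string (`scheme://user:password@host`), and every function name, host and credential in it is hypothetical and constructed for illustration.

```javascript
// Added example (not Hoppscotch code). Matches URI-style connection strings
// of the form scheme://user:password@host and captures scheme, user, password.
const CONN_CRED = /\b([a-z][a-z0-9+.-]*:\/\/)([^\s:@\/]+):([^\s@\/]+)@/gi;
const MASK = "****";

// Replace the password component with a fixed mask, keeping scheme, user and
// host so the log line stays useful for troubleshooting.
function redactConnectionString(text) {
  return String(text).replace(CONN_CRED, (_m, scheme, user) => `${scheme}${user}:${MASK}@`);
}

// Return the 1-based numbers of log lines that still carry an unmasked password.
// Use this to audit existing logs and decide which credentials need rotation.
function findLeakedCredentials(lines) {
  const hits = [];
  lines.forEach((line, i) => {
    for (const m of line.matchAll(CONN_CRED)) {
      if (m[3] !== MASK) { hits.push(i + 1); break; }
    }
  });
  return hits;
}

// Logger wrapper: every argument is redacted before it reaches the sink.
function makeSafeLogger(sink) {
  return (...args) => sink(args.map(redactConnectionString).join(" "));
}

// Constructed sample log lines (hypothetical values, not from any real system).
const SAMPLE_LOG = [
  "2023-06-01T10:00:00Z INFO starting backend",
  "2023-06-01T10:00:01Z DEBUG connecting to postgresql://appuser:S3cr3t%21pw@db.internal:5432/appdb",
  "2023-06-01T10:00:02Z INFO connected to postgresql://appuser:****@db.internal:5432/appdb",
  "2023-06-01T10:00:03Z INFO docs at https://example.com:8443/help",
];

const captured = [];
const log = makeSafeLogger((msg) => captured.push(msg));
log("connecting to", "postgresql://appuser:S3cr3t%21pw@db.internal:5432/appdb");
console.log(findLeakedCredentials(SAMPLE_LOG), captured[0]);
```

Any password that `findLeakedCredentials` reports in existing logs should be treated as exposed and rotated, since redaction only protects lines written after it is in place.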

Exploit

Fix

Insertion into Log File


Weakness Enumeration

Related identifiers

CVE-2023-34097
GHSA-QPX8-WQ6Q-R833

Affected products

Hoppscotch