Cachet · Cachet · CVE-2021-39174
**Name of the Vulnerable Software and Affected Versions**
Cachet versions prior to 2.5.1
**Description**
Cachet is an open source status page system. Authenticated users, regardless of their privileges, can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc.). This issue was addressed by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access the administration dashboard.
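As an added illustration, not Cachet's own code, the following Python models why writing user-supplied settings into a dotenv file is dangerous (dotenv loaders expand nested references such as `${APP_KEY}`) and shows a config writer that, like the fix described above, refuses nested references instead of storing them. The names `expand_dotenv`, `write_setting` and `NestedVariableError`, and the sample entries, are assumptions made for this example.

```python
import re

# Constructed sample of a dotenv mapping holding secrets, as a .env file does.
SAMPLE_ENV = {
    "APP_KEY": "base64:constructed-secret-key",
    "DB_PASSWORD": "constructed-db-password",
}

# Nested-variable syntax that dotenv parsers expand: ${NAME} or $NAME.
# Deliberately broad: any "$" followed by an identifier is treated as a reference.
NESTED_REF = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")


def expand_dotenv(env: dict) -> dict:
    """Model of how a dotenv loader expands nested references in values.

    A value containing ${NAME} is replaced with NAME's value, which is why a
    user-controlled setting that lands in .env can echo a secret back out.
    """
    def resolve(match: re.Match) -> str:
        name = match.group(0).strip("${}")
        return env.get(name, "")
    return {k: NESTED_REF.sub(resolve, v) for k, v in env.items()}


class NestedVariableError(ValueError):
    """Raised when a user-supplied setting tries to reference another entry."""


def write_setting(env: dict, key: str, value: str) -> dict:
    """Hardened config update: reject nested references before storing.

    Mirrors the approach in the fix (disallow nested variables) rather than
    trying to escape them, so nothing a user submits is ever interpolated.
    Returns the updated mapping; a real handler would then serialise it to .env.
    """
    if NESTED_REF.search(value):
        raise NestedVariableError(f"{key}: nested variable references are not allowed")
    updated = dict(env)
    updated[key] = value
    return updated
```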
**Recommendations**
For versions prior to 2.5.1, update to version 2.5.1 to resolve the issue.
As a temporary workaround, consider restricting access to the administration dashboard to only trusted source IP addresses.