PT-2019-20080 — Information Disclosure in Unknown Tunnel-Agent

PT-2019-20080 · Unknown · Tunnel-Agent

Published

2019-06-03

Updated

2019-06-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions tunnel-agent versions prior to 0.6.0

Description The issue allows for memory exposure and can be exploited if user-supplied input is provided to the auth value and is a number. This can occur when the tunnel option is set to true and the proxy settings include user-supplied input for authentication.

Recommendations Update to version 0.6.0 or later.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

GHSA-XC7V-WXCW-J472

Affected Products

Tunnel-Agent

PT-2019-20080 · Unknown · Tunnel-Agent

Weakness Enumeration

Related Identifiers

Affected Products

References · 4