CVE-2020-13129

Name of the Vulnerable Software and Affected Versions stashcat app versions through 3.9.1

Description An issue in the stashcat app allows attackers to obtain sensitive information by reading web-server logs. The GET method is used with client key and device id data in the query string.

Recommendations For versions through 3.9.1, consider restricting access to web-server logs to minimize the risk of exploitation. As a temporary workaround, avoid using the client key and device id in the query string until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.