PT-2020-16349 · Touchbase.Ai · Touchbase.Ai

Woo0Ood

Published

2020-11-11

Updated

2020-11-17

CVE-2020-26220

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions toucbase.ai versions prior to 2.0

Description The issue allows anyone with access to uploaded images of other users to obtain geolocation, device, and software version data if this information is present in the image's exif data, due to the failure to strip exif data from images.

Recommendations For versions prior to 2.0, update to version 2.0 to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2020-26220

GHSA-HH6J-J73P-CP3H

Affected Products

Touchbase.Ai

PT-2020-16349 · Touchbase.Ai · Touchbase.Ai

CVE-2020-26220

Weakness Enumeration

Related Identifiers

Affected Products

References · 7