PT-2021-11640 · Webpack+1

Published: 2021-01-06
Updated: 2021-01-13
CVE: CVE-2020-29041
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Web-Sesame version 2020.1.1.3375
Description: A misconfiguration in the software allows an unauthenticated attacker to download the source code of the application. The cause is that JavaScript source maps are inadvertently included in the production Webpack configuration; these maps contain the sources used to generate the bundle, configuration settings such as API keys, and developers' comments.
Recommendations: For Web-Sesame version 2020.1.1.3375, remove the JavaScript source maps from the production Webpack configuration to prevent unauthorized access to the application's source code. Consider restricting access to sensitive configuration settings and developers' comments until a more permanent fix is implemented.
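
A build-output check for the condition described above, given as an added example that is not part of the original advisory or of Web-Sesame's code: it flags emitted `.map` files, whether they embed original sources, and `sourceMappingURL` references left in bundles. The function name `auditSourceMaps`, the file paths and the sample contents are constructed for illustration.

```javascript
// Added example: flag source-map exposure in a production build's output.
// `files` maps each emitted path to its text content.
function auditSourceMaps(files) {
  const findings = [];
  const refRe = /[#@]\s*sourceMappingURL=(\S+)/g;
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('.map')) {
      let map;
      try {
        map = JSON.parse(text) || {};
      } catch {
        findings.push({ path, issue: 'map-file-unparseable' });
        continue;
      }
      // sourcesContent carries the original files verbatim (code, keys, comments).
      const embedded = Array.isArray(map.sourcesContent) &&
        map.sourcesContent.some((s) => typeof s === 'string' && s.length > 0);
      findings.push({
        path,
        issue: embedded ? 'map-with-embedded-sources' : 'map-file',
        sources: Array.isArray(map.sources) ? map.sources.length : 0,
      });
      continue;
    }
    if (!/\.(js|mjs|css)$/.test(path)) continue;
    // A reference comment tells any client where to fetch the map.
    for (const m of text.matchAll(refRe)) {
      const inline = m[1].startsWith('data:');
      findings.push({ path, issue: inline ? 'inline-map' : 'map-reference',
        target: inline ? 'data: URI' : m[1] });
    }
  }
  return findings;
}

// Constructed sample build output (placeholder key, not a real credential).
const sampleBuild = {
  'dist/app.js': 'console.log("app");\n//# sourceMappingURL=app.js.map\n',
  'dist/app.js.map': JSON.stringify({
    version: 3, file: 'app.js', sources: ['webpack:///./src/config.js'],
    sourcesContent: ['// TODO rotate\nexport const API_KEY = "EXAMPLE-PLACEHOLDER";'],
    mappings: '',
  }),
  'dist/vendor.js': 'console.log("vendor");\n',
};
const sampleFindings = auditSourceMaps(sampleBuild);
console.log(sampleFindings);
```

With Webpack's `devtool: 'hidden-source-map'` the reference comment is omitted but the `.map` files are still emitted, so the check still reports them; setting `devtool: false` in the production configuration emits neither.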

Related Identifiers

CVE-2020-29041

Affected Products

Web-Sesame
Webpack