PT-2021-18617 · Lightmeter · Lightmeter Controlcenter
Published 2021-04-02 · Updated 2021-04-09 · CVE-2021-30126
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Lightmeter ControlCenter versions 1.1.0 through 1.5.x before 1.5.1
Description
The vulnerability allows unauthorized access to application settings, potentially including sensitive information such as SMTP passwords and Slack access tokens, on publicly reachable Lightmeter instances. The settings HTTP query can be issued without any credentials (CVSS PR:N) by anyone who knows the URL of the instance.
Recommendations
For Lightmeter ControlCenter versions 1.1.0 through 1.5.x before 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, restrict access to the settings HTTP query (for example, at the network or reverse-proxy level) to reduce the risk of exploitation until the update can be applied.
Fix
Affected Products
Lightmeter Controlcenter