CVE-2021-40875

Name of the Vulnerable Software and Affected Versions Gurock TestRail versions prior to 7.2.0.3014

Description The issue is related to improper access control, resulting in sensitive information exposure. A threat actor can access the "/files.md5" file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. These file paths can be tested, potentially leading to the disclosure of hardcoded credentials, API keys, or other sensitive data.

Recommendations For versions prior to 7.2.0.3014, update to version 7.2.0.3014 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/files.md5" file to minimize the risk of exploitation.