PT-2023-21228 · Google · Google Cloud Tts+1
Rozbb · Published 2023-03-13 · Updated 2023-03-17 · CVE-2023-27587
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ReadtoMyShoe versions prior to commit 8533b01
Description
The issue arises when an error occurs while adding an article to the web app, resulting in an error message that includes sensitive information. Specifically, if the error is related to the Google Cloud TTS request, the error message will contain the full URL of the request, which includes the Google Cloud API key. There are no known workarounds for this issue.
Recommendations
For versions prior to commit 8533b01, upgrade to a version that includes the patch, and as part of the upgrade process, delete the current GCP API key and issue a new one.
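The leak described above and one way to close it, shown as an added example that is not ReadtoMyShoe's code or its patch. The endpoint, key value and function names are constructed, and the `key` query parameter name and the list of secret parameters are assumptions.

```rust
// Added example: the endpoint, key value and all function names are constructed.
/// Query parameters whose values must not reach a client or a log (assumed list).
const SECRET_PARAMS: [&str; 3] = ["key", "api_key", "access_token"];

/// Simulated failing TTS call. Like many HTTP clients, its error text embeds
/// the full request URL, and the API key travels in that URL's query string.
fn tts_request(api_key: &str) -> Result<Vec<u8>, String> {
    let url = format!("https://tts.example.invalid/v1/synthesize?key={api_key}&alt=json");
    Err(format!("HTTP status 403 Forbidden for url ({url})"))
}

/// Replace the value of every secret query parameter found in `msg`.
fn redact_secrets(msg: &str) -> String {
    let mut out = String::with_capacity(msg.len());
    let mut rest = msg;
    // A query parameter starts right after '?' or '&'.
    while let Some(pos) = rest.find(|c: char| c == '?' || c == '&') {
        let (head, tail) = rest.split_at(pos + 1);
        out.push_str(head);
        // The parameter runs until the next delimiter that can end a value.
        let end = tail
            .find(|c: char| matches!(c, '&' | '#' | ')') || c.is_whitespace())
            .unwrap_or(tail.len());
        match tail[..end].split_once('=') {
            Some((name, _)) if SECRET_PARAMS.iter().any(|p| p.eq_ignore_ascii_case(name)) => {
                out.push_str(name);
                out.push_str("=REDACTED");
            }
            _ => out.push_str(&tail[..end]),
        }
        rest = &tail[end..];
    }
    out.push_str(rest);
    out
}

/// Vulnerable pattern: the raw client error is returned to the web user.
fn add_article_vulnerable(api_key: &str) -> Result<(), String> {
    tts_request(api_key).map(|_| ()).map_err(|e| format!("TTS error: {e}"))
}

/// Hardened pattern: secrets are stripped before the message leaves the server.
fn add_article_hardened(api_key: &str) -> Result<(), String> {
    tts_request(api_key).map(|_| ()).map_err(|e| redact_secrets(&format!("TTS error: {e}")))
}

fn main() {
    println!("{:?}", add_article_hardened("CONSTRUCTED-KEY-0000"));
}
```

Redaction limits what future errors expose; a key that has already appeared in an error message still has to be rotated, as the recommendation states.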
Weakness Enumeration
Generation of Error Message Containing Sensitive Information
Affected Products
Google Cloud Api
Google Cloud Tts