CVE-2024-34525

Name of the Vulnerable Software and Affected Versions FileCodeBox version 2.0

Description The issue concerns the storage of sensitive information in cleartext. Specifically, FileCodeBox stores a OneDrive password and an AWS key in a cleartext env file. This poses a significant risk as it could allow unauthorized access to these services.

Recommendations For FileCodeBox version 2.0, consider encrypting the env file or using a secure method to store sensitive information, such as environment variables or a secrets manager, to mitigate the risk of exposure. As a temporary workaround, restrict access to the env file to minimize the risk of unauthorized access.