PT-2024-27086 · Unknown+1 · Annonshop.App+2
Published
2024-06-13
·
Updated
2024-11-25
·
CVE-2024-36589
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Annonshop.app versions 2b2b4 through ba9fd
DecentralizeJustice/anonymousLocker versions 2b2b4 through ba9fd
DecentralizeJustice/anonBackend versions 57837 through cd815
Description
An issue was discovered in the specified commits of Annonshop.app, DecentralizeJustice/anonymousLocker, and DecentralizeJustice/anonBackend, where credentials are stored in plaintext.
Recommendations
For Annonshop.app versions 2b2b4 through ba9fd, consider updating to a version that does not store credentials in plaintext.
For DecentralizeJustice/anonymousLocker versions 2b2b4 through ba9fd, consider updating to a version that does not store credentials in plaintext.
For DecentralizeJustice/anonBackend versions 57837 through cd815, consider updating to a version that does not store credentials in plaintext.
As a temporary workaround, consider restricting access to sensitive areas of the application until a patch is available.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Annonshop.App
Decentralizejustice/Anonbackend
Decentralizejustice/Anonymouslocker