CVE-2023-1974

Exposure of Sensitive Information Through Metadata in answerdev/answer

CVSS 7.7 HIGH | EPSS 0.6% | CWE-1230

In short

The Answer application before version 1.0.8 leaks sensitive information through file metadata, allowing unauthorized users to discover details that should remain hidden. This can expose configuration data, internal paths, or other confidential information embedded in files.

Technical detail

CWE-1230 describes improper exposure of sensitive information through metadata in file systems or archives. In answer prior to 1.0.8, metadata attributes (timestamps, internal identifiers, or embedded comments) in served files may be accessible to unauthenticated attackers, leading to information disclosure without requiring special privileges or user interaction.

Summary generated and translated by AI from the official description.
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
