Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-14216

Sensitive Data Leak

    XMLWordPrintable

Details

    • Bug Report
    • Resolution: Won't Do
    • L3 - Default
    • None
    • None
    • camunda.org
    • None

    Description

      Vulnerability Name: Sensitive Data Leak
       
      Vulnerability Description:
      Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. ... This might be a result of a multitude of things such as weak encryption, no encryption, software flaws, or when someone mistakenly uploads data to an incorrect database.

       

      How to Reproduce:

       

      Step 1: First I open the website "https://docs.camunda.org/manual/7.16/"

      Step 2: I show "cawemo" option there I click on it

      Step 3: It redirect to "https://docs.camunda.org/cawemo/latest/"

      Step 4: I got to 1.5 version of cawemo 

      Step 5: It redirect to "https://docs.camunda.org/cawemo/1.5/"

      Step6 : I add ".env" at last of URL

      Step 7: I got a some sensitive information like server,databasse,email,websockets

       

      POC:

      Screenshot attached  

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Activity

            People

              miklas.boskamp Miklas Boskamp
              iamxroot Solanki Ajay
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Salesforce