Sensitive Data Leak


    • Type: Bug Report
    • Resolution: Won't Do
    • Priority: L3 - Default
    • Affects Version/s: None
    • Component/s: camunda.org

      Vulnerability Name: Sensitive Data Leak
       
      Vulnerability Description:
      Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. ... This might be a result of a multitude of things such as weak encryption, no encryption, software flaws, or when someone mistakenly uploads data to an incorrect database.

       

      How to Reproduce:

       

      Step 1: First I open the website "https://docs.camunda.org/manual/7.16/"

      Step 2: I see the "cawemo" option there and I click on it

      Step 3: It redirects to "https://docs.camunda.org/cawemo/latest/"

      Step 4: I go to the 1.5 version of cawemo

      Step 5: It redirects to "https://docs.camunda.org/cawemo/1.5/"

      Step 6: I add ".env" at the end of the URL

      Step 7: I got some sensitive information like server, database, email, websockets

       

      POC:

      Screenshot attached  

            Assignee:
            Miklas Boskamp
            Reporter:
            Solanki Ajay
            Votes:
            0
            Watchers:
            2

              Created:
              Updated:
              Resolved: