Sensitive Data Leak


    • Type: Bug Report
    • Resolution: Won't Do
    • Priority: L3 - Default
    • None
    • Affects Version/s: None
    • Component/s: camunda.org
    • None

      Vulnerability Name: Sensitive Data Leak
       
      Vulnerability Description:
      Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. ... This might be a result of a multitude of things such as weak encryption, no encryption, software flaws, or when someone mistakenly uploads data to an incorrect database.

       

      How to Reproduce:

       

      Step 1: First I open the website "https://docs.camunda.org/manual/7.16/"

      Step 2: I saw the "cawemo" option there and clicked on it

      Step 3: It redirects to "https://docs.camunda.org/cawemo/latest/"

      Step 4: I go to the 1.5 version of cawemo

      Step 5: It redirects to "https://docs.camunda.org/cawemo/1.5/"

      Step 6: I add ".env" at the end of the URL

      Step 7: I got some sensitive information like server, database, email, websockets

       

      POC:

      Screenshot attached  


              Assignee:
              Miklas Boskamp
              Reporter:
              Solanki Ajay
              Votes:
              0
              Watchers:
              2

                Created:
                Updated:
                Resolved: