Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".
References
Link | Resource |
---|---|
https://github.com/ShuaiJunlan/Autumn/issues/82 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-08T20:18:22
Updated: 2021-09-08T20:18:22
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-19137
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-08T21:15:07.843
Modified: 2021-09-15T17:51:33.223
Link: CVE-2020-19137
JSON object: View
Redhat Information
No data.
CWE