Generation of Error Message Containing Sensitive Information

CVE-2020-24925

High

7.5/10

Summary

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-209 - Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

References

Advisory Timeline

Published Sep 15, 2020

Generation of Error Message Containing Sensitive Information

CVE-2020-24925

Summary

CWE-209 - Generation of Error Message Containing Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS