Inclusion of Sensitive Information in Source Code

CVE-2023-30802

Medium

5.3/10

Summary

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-540 - Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

References

Advisory Timeline

Published Oct 10, 2023

Inclusion of Sensitive Information in Source Code

CVE-2023-30802

Summary

CWE-540 - Inclusion of Sensitive Information in Source Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS