Inclusion of Sensitive Information in Source Code

CVE-2024-38327

Medium

6.8/10

Summary

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-540 - Inclusion of Sensitive Information in Source Code

Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.

References

Advisory Timeline

Published Jul 10, 2025

Inclusion of Sensitive Information in Source Code

CVE-2024-38327

Summary

CWE-540 - Inclusion of Sensitive Information in Source Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS