Published: 28/08/2021 Updated: 09/09/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

catchethq catchet

Github Repositories

Project Title CVE-2021-39174 Cachet 240-dev Information Disclosure Description A python3 script for CVE-2021-39174 Cachet 240-dev Information Disclosure Getting Started Executing program Data Extraction python3 cachet_240-devpy -t cachetsite/ -u username -p password Help For help menu: python3 cachet_240-devpy -h

CVE-2021-39174-PoC Cachet configuration leak dumper CVE-2021-39174 PoC