Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.
References
Link | Resource |
---|---|
https://ci.squashtest.org/mantis/view.php?id=7553 | Permissions Required Vendor Advisory |
https://www.openwall.com/lists/oss-security/2018/09/13/1 | Exploit Mailing List Third Party Advisory |
https://ci.squashtest.org/mantis/view.php?id=7553 | Permissions Required Vendor Advisory |
https://www.openwall.com/lists/oss-security/2018/09/13/1 | Exploit Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 03:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://ci.squashtest.org/mantis/view.php?id=7553 - Permissions Required, Vendor Advisory | |
References | () https://www.openwall.com/lists/oss-security/2018/09/13/1 - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2018-09-13 15:29
Updated : 2024-11-21 03:53
NVD link : CVE-2018-16987
Mitre link : CVE-2018-16987
CVE.ORG link : CVE-2018-16987
JSON object : View
Products Affected
squashtest
- squash_tm
CWE
CWE-522
Insufficiently Protected Credentials