An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs.
References
Link | Resource |
---|---|
https://www.jvanlaak.de/stashcat.html | Third Party Advisory |
https://www.jvanlaak.de/stashcat_CWE_598_200517.pdf | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-05-18 05:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-13129
Mitre link : CVE-2020-13129
CVE.ORG link : CVE-2020-13129
JSON object : View
Products Affected
heinekingmedia
- stashcat
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor