CVE-2020-29041

{"id": "CVE-2020-29041", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-01-06T21:15:14.253", "references": [{"url": "https://blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-sesame-application-of-til-technologies/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sein-de-lapplication-web-sesame-de-til-technologies/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments."}, {"lang": "es", "value": "Una configuraci\u00f3n inapropiada en Web-Sesame versi\u00f3n 2020.1.1.3375, permite a un atacante no autenticado descargar el c\u00f3digo fuente de la aplicaci\u00f3n, facilitando su comprensi\u00f3n (revisi\u00f3n de c\u00f3digo). Espec\u00edficamente, los mapas de c\u00f3digo fuente de JavaScript fueron incluidos inadvertidamente en la configuraci\u00f3n del Webpack de producci\u00f3n. Estos mapas contienen fuentes utilizadas para generar el paquete, ajustes de configuraci\u00f3n (por ejemplo, claves de API) y comentarios de los desarrolladores"}], "lastModified": "2021-01-13T19:22:08.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sesame-system:web-sesame:2020.1.1.3375:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0E83B83-43D6-424A-8602-63F56676C1CB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}