Code injection

2018-09-1315:29:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

JSON

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.

CPENameOperatorVersion
squash_tmle1.18.0

CPE	Name	Operator	Version
	squash_tm	le	1.18.0

References

ci.squashtest.org/mantis/view.php?id=7553

www.openwall.com/lists/oss-security/2018/09/13/1