Design/Logic Flaw

2020-05-1805:15:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.8%

JSON

An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs.

CPENameOperatorVersion
stashcatle3.9.1
stashcatle3.9.1
stashcatle3.9.1
stashcatle3.9.1

Name	Operator	Version
stashcat	le	3.9.1
stashcat	le	3.9.1
stashcat	le	3.9.1
stashcat	le	3.9.1

References

www.jvanlaak.de/stashcat.html

www.jvanlaak.de/stashcat_CWE_598_200517.pdf