Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-27587
HistoryMar 13, 2023 - 10:15 p.m.

Cross site request forgery (csrf)

2023-03-1322:15:00
PRIOn knowledge base
www.prio-n.com
1
readtomyshoe
error message
sensitive information
pre-commit
8533b01
google cloud tts
request url
api key
patched
upgrade
gcp

6.3 Medium

AI Score

Confidence

High

0.172 Low

EPSS

Percentile

96.1%

JSON

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.

CPENameOperatorVersion
readtomyshoeeq< 2023313

Related

osv 1
cvelist 1
nuclei 1
cve 1
nvd 1
osv
osv
CVE-2023-27587
2023-03-13 22:15:12
cvelist
cvelist
CVE-2023-27587
2023-03-13 00:00:00
nuclei
nuclei
ReadToMyShoe - Generation of Error Message Containing Sensitive Information
2023-03-15 16:39:41
cve
cve
CVE-2023-27587
2023-03-13 22:15:12
nvd
nvd
CVE-2023-27587
2023-03-13 22:15:12

6.3 Medium

AI Score

Confidence

High

0.172 Low

EPSS

Percentile

96.1%

JSON
Related for PRION:CVE-2023-27587
osv1cvelist1nuclei1cve1nvd1