5 matches found
CVE-2024-21644
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...
CVE-2024-21644
Affected software: pyLoad (Python-based download manager). Issue: Unauthenticated users can access the Flask configuration, including the SECRET_KEY, via a specific URL endpoint, due to improper access control in the web UI. Root cause / details: The vulnerability is triggered by a route that ren...
CVE-2024-21644 pyLoad unauthenticated flask configuration leakage
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...
CVE-2024-21644 pyLoad unauthenticated flask configuration leakage
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...
CVE-2024-21644
creationtimestamp | type | source
---|---|---
2024-01-06 00:59:22+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv
2024-01-08 15:26:33+00:00 | seen | https://t.me/ctinow/164401
2024-01-25 11:36:52+00:00 | seen | https://t.me/ctinow/173387...