Lucene search
+L

4 matches found

cve
cve
added 2026/04/21 7:40 p.m.8 views

CVE-2026-40885

CVE-2026-40885 (goshs) involves a credential leakage in goshs, a Go-based SimpleHTTPServer. From 2.0.0-beta.4 to beta.5, the public collaborator feed leaks file-based ACL credentials and can expose a victim’s folder-specific Basic auth header to unauthenticated websocket observers. This enables a...

8.8CVSS5.8AI score0.00311EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/04/21 7:40 p.m.4 views

CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...

7.7CVSS6AI score0.00311EPSS
Exploits1References3
osv
osv
added 2026/04/14 10:28 p.m.4 views

GHSA-7H3J-592V-JCRP goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access

Summary goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including...

8.8CVSS5.8AI score0.00311EPSS
Exploits1References3
github
github
added 2026/04/14 10:28 p.m.7 views

goshs's public collaborator feed leaks .goshs ACL credentials and enables unauthorized access

Summary goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and the collaborator websocket broadcasts raw request headers, including...

8.8CVSS5.8AI score0.00311EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder