answer information disclosure vulnerability (CNVD-2023-29790)
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
Information disclosure
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8...
PT-2023-17382 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the exposure of sensitive information through metadata in the answerdev/answer GitHub repository. This exposure can include sensitive data such as EXIF data and GPS...
answer security vulnerability
answer is an open source knowledge-based community software. An access control error vulnerability exists in versions of answer prior to 1.1.6, which stems from prolonged password expiration. An attacker could exploit the vulnerability for account takeover...
CVE-2023-1975 Insertion of Sensitive Information Into Sent Data in answerdev/answer
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8...
CVE-2023-1976 Password Aging with Long Expiration in answerdev/answer
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6...
answer security vulnerability
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...
PT-2023-17383 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the insertion of sensitive information into sent data. Specifically, answerdev/answer, an open-source knowledge-based community software, does not strip EXIF geolocation...
CVE-2023-1976
CVE-2023-1976 affects answerdev/answer (open-source knowledge-based community software). The root cause is password reset links not expiring, enabling potential account takeover for versions prior to 1.0.6. Exploitation details are not provided in the documents; impact is described as account tak...
CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8...
CVE-2023-1975
The CVE-2023-1975 entry refers to an information-disclosure flaw in the open-source project answerdev/answer prior to version 1.0.8, where EXIF geolocation data is not stripped from user-uploaded logos. Multiple connected sources (CNVD/CNNVD, GHSA, OSV, NVD, CVE listings) corroborate that an atta...
The vulnerability of the `answer_request` function in the `fuzz_rfc1035.c` component of the DNS server Dnsmasq allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the `answer_request` function in the `fuzz_rfc1035.c` component of the DNS server Dnsmasq is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
Answer vulnerable to Stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...
CVE-2023-1542
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1543
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1540
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1535
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...