2 matches found
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies we do it too!. To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a...
CVE-2021-39174
Cachet prior to 2.5.1 allows authenticated users (any privilege) to leak values from the dotenv configuration, including APP_KEY and passwords. The root cause is updates to the dotenv file via UpdateConfigCommandHandler without proper validation, enabling newline/newline-like entries and, in some...