2 matches found
CVE-2023-48708
CodeIgniter Shield (for CodeIgniter 4) contains a vulnerability where successful login attempts can store raw tokens in the log table. If logs are viewed, an attacker could obtain a token and misuse user authority. The issue is fixed in Shield v1.0.0-beta.8; upgrade is advised. If upgrading isn’t...
CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...