Sensitive Information Exposure

🗓️ 28 Nov 2024 09:29:44Reported by Veracode Vulnerability DatabaseType

Vulnerability in filament/actions allows sensitive information exposure via insecure default configuration.

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the component set in the full stack for rapid development of the Filament PHP framework Laravel, related to insecure resource initialization, allows attackers to exploit it to disclose sensitive information.	13 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-51758	7 Nov 202420:16	–	circl
CNNVD	Filament 安全漏洞	7 Nov 202400:00	–	cnnvd
CVE	CVE-2024-51758	7 Nov 202417:46	–	cve
Cvelist	CVE-2024-51758 Exported files stored in default (`public`) filesystem if not reconfigured in filament	7 Nov 202417:46	–	cvelist
EUVD	EUVD-2024-3195	3 Oct 202520:07	–	euvd
Github Security Blog	Filament has exported files stored in default (`public`) filesystem if not reconfigured	7 Nov 202416:14	–	github
NVD	CVE-2024-51758	7 Nov 202418:15	–	nvd
OSV	CVE-2024-51758 Exported files stored in default (`public`) filesystem if not reconfigured in filament	7 Nov 202417:46	–	osv
OSV	GHSA-4HXW-GC2Q-F6F3 Filament has exported files stored in default (`public`) filesystem if not reconfigured	7 Nov 202416:14	–	osv

Vulners

Node

Source	Link
github	www.github.com/filamentphp/filament/blob/3.x/packages/actions/src/Exports/Exporter.php
filamentphp	www.filamentphp.com/docs/3.x/actions/prebuilt-actions/export
github	www.github.com/filamentphp/filament/commit/19f5347f0e17d9f4eb515e24ea5632031c6829df
github	www.github.com/advisories/GHSA-4hxw-gc2q-f6f3
github	www.github.com/filamentphp/filament/security/advisories/GHSA-4hxw-gc2q-f6f3

28 Nov 2024 18:52Current

6.3Medium risk

Vulners AI Score6.3

CVSS 42.3

EPSS0.00104

SSVC