Vulnerability Details: CVE-2020-29041
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments.
Products affected by CVE-2020-29041
- cpe:2.3:a:sesame-system:web-sesame:2020.1.1.3375:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-29041
- EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
- Percentile: ~54% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2020-29041
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
References for CVE-2020-29041
- https://blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sein-de-lapplication-web-sesame-de-til-technologies/
  [CVE-2020-29041] Vulnérabilité de divulgation de code source identifiée au sein de l’application Web-Sesame de TIL TECHNOLOGIES - Blog BSSI (Exploit; Third Party Advisory)
- https://blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-sesame-application-of-til-technologies/
  [CVE-2020-29041] Source code vulnerability disclosure discovered in the Web-Sesame application of TIL TECHNOLOGIES - Blog BSSI (Exploit; Third Party Advisory)