What the vulnerability does
Description
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through <= 3.7.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
JetEngine versions up to 3.7.0 contain an information disclosure vulnerability that allows authenticated users to read sensitive data they should not have access to. The vulnerability requires a valid user account but no special privileges. An attacker with low-level access can retrieve confidential information from the plugin without modifying or disrupting site operations.
What an attacker can do
Read sensitive data from JetEngine that should be restricted to other users or administrators.
Potential impact on your site
User data, private settings, or other confidential information stored in JetEngine may be exposed to authenticated attackers.
Conditions required to exploit
Attacker must have a valid user account on the site with at least low-level privileges.