What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1.
Explanation of Vulnerability in Simple Terms
JetMenu versions up to 2.4.11.1 expose sensitive information to authenticated users. An attacker with a low-privilege account can read data they should not have access to. The vulnerability requires login credentials but no additional user interaction. Update to a version newer than 2.4.11.1 to resolve this issue.
What an attacker can do
Read sensitive data they should not have access to.
Potential impact on your site
User data may be exposed to authenticated attackers with limited permissions.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources