What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1.
Explanation of Vulnerability in Simple Terms
JetTricks versions up to 1.5.4.1 expose sensitive information to authenticated users. A logged-in attacker with low privileges can read data they should not have access to. The vulnerability requires a valid user account but no additional user interaction. Update to a version newer than 1.5.4.1 to resolve this issue.
What an attacker can do
Read sensitive data they should not have access to.
Potential impact on your site
User data may be exposed to authenticated attackers with low-level accounts.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.
Key dates
External resources
Related vulnerabilities