What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.
Explanation of Vulnerability in Simple Terms
Blockspare versions up to 3.2.13.2 expose sensitive information to authenticated users. An attacker with low-level account access can read data they should not have permission to view. The vulnerability requires valid login credentials and affects confidentiality only. Update to version 4.2.0 or later to resolve this issue.
What an attacker can do
Read sensitive data they lack authorization to access.
Potential impact on your site
User data confidentiality is at risk if accounts are compromised or shared among untrusted staff.
Conditions required to exploit
Valid login account with low-level privileges; network access to the application.
Key dates
External resources
Related vulnerabilities