What the vulnerability does
Description
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data. This issue affects Publitio: from n/a through <= 2.2.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Publitio versions up to 2.2.5 expose sensitive information to authenticated users with low privileges. An attacker with a valid account can read data they should not have access to, potentially including information from other users or system components. The vulnerability requires network access and a valid login but no additional user interaction. Update to version 2.2.6 or later.
What an attacker can do
Read sensitive data belonging to other users or system components.
Potential impact on your site
User data and system information may be exposed to any authenticated account, even those with minimal permissions.
Conditions required to exploit
Valid Publitio account with low-level privileges; network access to the application.
Key dates
External resources