What the vulnerability does
Description
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
Corpkit versions up to 1.0.5 expose sensitive information to authenticated users. An attacker with low-level account access can read data they should not have permission to view. The vulnerability does not allow modification or deletion of data, only unauthorized disclosure. Update to a version newer than 1.0.5.
What an attacker can do
Read sensitive data they should not have access to.
Potential impact on your site
User data or configuration details may be exposed to low-privilege account holders.
Conditions required to exploit
Attacker must have a low-privilege account on the site.