What the vulnerability does
01Description
Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.
Explanation of Vulnerability in Simple Terms
Backup Migration versions up to 2.1.1 expose sensitive backup data without requiring authentication. An attacker on the network can retrieve complete backup files containing database contents, configuration files, and user data by accessing the backup storage directly. No user interaction or special privileges are needed to exploit this vulnerability.
What an attacker can do
Download complete backup files containing database, configuration, and user data without logging in.
Potential impact on your site
All backed-up data—databases, configs, user credentials—can be read by anyone on the internet.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities