GHSA-h6w8-27ph-c385: Leantime has Insufficiently Protected Credentials
Due to improper cache control, an attacker can view sensitive information even when they are no longer logged into the account.
Additional Information:
1. The issue was identified during routine security testing.
2. This vulnerability poses a significant risk to user privacy and data security.
3. Urgent action is recommended to mitigate this vulnerability and protect user data from unauthorized access.
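An added example, not part of the advisory or of Leantime's code: a header audit for the failure class described above, flagging authenticated responses that a browser or proxy cache may keep after logout. The advisory does not name the affected pages or headers, so the sample responses and paths are constructed, and treating `no-store` as the required directive is an assumption based on HTTP caching rules (RFC 9111).

```python
# Added example: audit the caching headers of authenticated responses.
# Sample responses are constructed; the paths are hypothetical, not Leantime routes.

def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit(headers):
    """Return findings for one authenticated response; an empty list means OK."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc:
        return []  # caches must not keep any copy of the response
    findings = []
    if not cc:
        findings.append("no Cache-Control: caches may store and reuse heuristically")
    if "public" in cc:
        findings.append("public: shared caches may store the response")
    for d in ("max-age", "s-maxage"):
        arg = cc.get(d)
        if arg and arg.isdigit() and int(arg) > 0:
            findings.append(f"{d}={arg}: stored copy is reused without revalidation")
    if cc and not findings:
        # e.g. no-cache or private alone: storage is still permitted
        findings.append("no-store missing: a copy may remain in the cache after logout")
    return findings

SAMPLES = {  # constructed headers for pages that require a session
    "/dashboard": {"Cache-Control": "private, max-age=600"},
    "/profile": {"Content-Type": "text/html"},
    "/tickets": {"Cache-Control": "no-cache, must-revalidate"},
    "/settings": {"cache-control": "no-store, private"},
}

def audit_all(samples):
    return {path: audit(h) for path, h in samples.items()}

if __name__ == "__main__":
    for path, findings in audit_all(SAMPLES).items():
        print(path, "OK" if not findings else "; ".join(findings))
```
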
Moderate severity • GitHub Reviewed • Published Feb 18, 2025 in Leantime/leantime • Updated Feb 21, 2025
Package: leantime/leantime (Composer)
References
- GHSA-h6w8-27ph-c385
Published to the GitHub Advisory Database: Feb 21, 2025
Last updated: Feb 21, 2025