Description

Invicti determined that it was possible to access ImageResizer Diagnotics plugin without authentication.

Remediation

Restrict access to ImageResizer Diagnotics plugin

References

Diagnostics plugin

Related Vulnerabilities

Version Disclosure (ASP.NET)

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)

Atlassian Jira insecure REST permissions

[Possible] Password Transmitted over Query String

ASP.NET CustomErrors Is Disabled

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration