WebPageTest Unauthorized Access Vulnerability

Description

WebPageTest is a web performance tool that uses real browsers to access web pages.

WebPageTest is designed to be accessed by privileged users only. It's not recommended to have WebPageTest publicly accessible.

Remediation

Restrict access to WebPageTest

References

WebPageTest

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19968)

WordPress Plugin File Manager Information Disclosure (6.4)

GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability

WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N