oss-sec mailing list archives

CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string

From: Chao Gong <gongchao () apache org>
Date: Sat, 16 Nov 2024 09:54:29 +0000

Severity: low

Affected versions:

- Apache HertzBeat before 1.6.1

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: before 1.6.1.

Users are recommended to upgrade to version 1.6.1, which fixes the issue.

Credit:

Ícaro Torres (finder)

References:

https://www.cve.org/CVERecord?id=CVE-2024-45791

Current thread:

CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string Chao Gong (Nov 16)