Regarding Security Vulnerabilities in Bata

S3cur3 t3ch s3cur3t3ch2022 at gmail.com
Tue Aug 23 06:04:57 EDT 2022


Dear Team,

Greetings of the day

Kindly ignore the previous mail.

Please find the updated mail below.

This mail is to inform you that I got a Security Issue on your website
https://pidgin.im/install/.

Issue : Able to access Sensitive Log file

Description : Any user can access a Change log file at
https://pidgin.im/ChangeLog in which sensitive data is getting revealed
(such as all the details of changes done, which are reflected along with the
name of the person who has done the changes, version numbers, etc.)

Steps to Reproduce :
1. Visit https://pidgin.im/ChangeLog

Impact :
Attackers can use this information for further exploits.

Remediation :
It is recommended to provide access to only legitimate users to
https://pidgin.im/ChangeLog and all other users should get 403 forbidden
error.

Kindly let me know in case any additional information is required.
Please let me know if you have any bug bounty programs or Hall of fame.

I look forward to hearing from you.

Thanks & Regards
s3cur3t3ch2022 at gmail.com

On Tue, Aug 23, 2022 at 3:04 PM S3cur3 t3ch <s3cur3t3ch2022 at gmail.com>
wrote:

> Dear Team,
>
> Greetings of the day
>
> This mail is to inform you regarding Security Issues in your
> website https://pidgin.im/install/ which were found while buying products
> which is impacting your users.
>
> I would be happy to inform & help your team about Vulnerabilities (Issues)
> found.
>
> I look forward to hearing from you.
>
> Thanks & Regards
> s3cur3t3ch2022 at gmail.com
>
>

