Regarding Security Vulnerabilities in Pidgin

S3cur3 t3ch s3cur3t3ch2022 at gmail.com
Tue Aug 23 06:11:08 EDT 2022


Dear Team,

Greetings of the day

Kindly ignore the previous mail.

Please find the updated mail below.

This mail is to inform you that I got a Security Issue on your website
https://pidgin.im/install/.
Please find the attached screenshot for reference.

Issue : Able to access Sensitive Log file

Description : Any user can access a ChangeLog file at
https://pidgin.im/ChangeLog in which sensitive data is revealed
(such as all the details of the changes made, along with the name of the
person who made the changes, version numbers, etc.)

Steps to Reproduce :
1. Visit https://pidgin.im/ChangeLog

Impact :
Attackers can use this information for further exploits.

Remediation :
It is recommended to provide access to https://pidgin.im/ChangeLog only to
legitimate users; all other users should get a 403 Forbidden
error.

Kindly let me know in case any additional information is required.
Please let me know if you have any bug bounty programs or a Hall of Fame.

I look forward to hearing from you.

Thanks & Regards
s3cur3t3ch2022 at gmail.com

