Regarding Security Vulnerabilities in Pidgin
s3cur3t3ch2022 at gmail.com
Thu Aug 25 07:32:36 EDT 2022
Kindly let me know if there is any update about the issue mentioned in the
below mail trail.
Thanks & Regards
On Tue, Aug 23, 2022 at 3:41 PM S3cur3 t3ch <s3cur3t3ch2022 at gmail.com> wrote:
> Dear Team,
> Greetings of the day
> Kindly ignore the previous mail.
> Please find the updated mail below.
> This mail is to inform you that I got a Security Issue on your website.
> Please find attached screenshot for reference.
> Issue : Able to access Sensitive Log file
> Description : Any user can access a Change log file at
> https://pidgin.im/ChangeLog in which sensitive data is getting revealed
> (such as all the details of changes done are reflected along with the
> name of the person who has done the changes, version numbers, etc.)
> Steps to Reproduce :
> 1. Visit https://pidgin.im/ChangeLog
> Impact :
> Attackers can use this information for further exploits.
> Remediation :
> It is recommended to provide access to only legitimate users to
> https://pidgin.im/ChangeLog and all other users should get 403 forbidden.
> Kindly let me know in case of any additional information required.
> Please let me know if you have any bug bounty programs or Hall of fame.
> I look forward to hearing from you.
> Thanks & Regards
> s3cur3t3ch2022 at gmail.com