Regarding Security Vulnerabilities in Pidgin
S3cur3 t3ch
s3cur3t3ch2022 at gmail.com
Thu Aug 25 07:32:36 EDT 2022
Dear Team,
Kindly let me know if there is any update about the issue mentioned in the
below mail trail.
Thanks & Regards
On Tue, Aug 23, 2022 at 3:41 PM S3cur3 t3ch <s3cur3t3ch2022 at gmail.com>
wrote:
> Dear Team,
>
> Greetings of the day
>
> Kindly ignore the previous mail.
>
> Please find the updated mail below.
>
> This mail is to inform you that I got a Security Issue on your website
> https://pidgin.im/install/.
> Please find attached screenshot for reference.
>
> Issue : Able to access Sensitive Log file
>
> Description : Any user can access a Change log file at
> https://pidgin.im/ChangeLog in which sensitive data is getting revealed
> (such as all the details of changes done are reflected along with the
> person name who have done the changes, version numbers, etc.)
>
> Steps to Reproduce :
> 1. Visit https://pidgin.im/ChangeLog
>
> Impact :
> Attackers can use this information for further exploits.
>
> Remediation :
> It is recommended to provide access to only legitimate users to
> https://pidgin.im/ChangeLog and all other users should get 403 forbidden
> error.
>
> Kindly let me know in case of any additional information required.
> Please let me know if you have any bug bounty programs or Hall of fame.
>
> I look forward to hearing from you.
>
> Thanks & Regards
> s3cur3t3ch2022 at gmail.com
>
More information about the security
mailing list