| Titel | elunez eladmin <=2.7 Sensitive Information Disclosure |
|---|
| Beschreibung | In eladmin versions up to 2.7, the /auth/info endpoint returns user information without filtering entity fields. As a result, sensitive data including the user’s password hash is mistakenly returned, creating a risk of offline password brute-force attacks. |
|---|
| Quelle | ⚠️ https://github.com/elunez/eladmin/issues/885 |
|---|
| Benutzer | ez-lbz (UID 87033) |
|---|
| Einreichung | 10.08.2025 06:21 (vor 11 Monaten) |
|---|
| Moderieren | 20.08.2025 13:07 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 320773 [elunez eladmin bis 2.7 /auth/info Information Disclosure] |
|---|
| Punkte | 17 |
|---|