Submit #400796: erjemin roll_cms None Information Exposure Through Error Message

Title: erjemin roll_cms None Information Exposure Through Error Message

Description: Generation of Error Message Containing Sensitive Information in roll_cms/roll_cms/views.py

Snippets of code roll_cms/roll_cms/views.py (line 360 and line 362):

```python
except TemplateDoesNotExist as e:
    return HttpResponse(f"ОШИБКА RollCSM: не найден шаблон \"{e}\". Создайте его.", status=424)
```

Snippets of code roll_cms/roll_cms/views.py (line 363 and line 365):

```python
except TemplateNotFound as e:
    return HttpResponse(f"RollCSM не нашла производный шаблон \"{e}\". Создайте его.", status=424)
```

Snippets of code roll_cms/roll_cms/views.py (line 399 and lines 401 through 402):

```python
except TbRoll.DoesNotExist as e:
    return HttpResponse(content=f"RollCSM не нашла ролла c id={roll_id}. "
                                f"Создайте его через панель администрирования. {e}", status=424)
```

Snippets of code roll_cms/roll_cms/views.py (line 403 and lines 409 through 410):

```python
except (AttributeError, TemplateDoesNotExist, TemplateNotFound, ) as e:
    return HttpResponse(content=f"RollCSM не нашла шаблон для ролла c id={roll_id}. "
                                f"Создайте его. {e}", status=424)
```

Snippets of code roll_cms/roll_cms/views.py (line 429 and lines 431 through 432):

```python
except TbItem.DoesNotExist as e:
    return HttpResponse(content=f"RollCSM не нашла элемент c id={item_id}. "
                                f"Создайте его через панель администрирования. {e}", status=424)
```

Snippets of code roll_cms/roll_cms/views.py (line 507 and lines 509 through 511):

```python
except UndefinedError as e:
    return HttpResponse(content=f"RollCSM не может отобразить шаблон: \"{template_name}\" "
                                f" af af af af af af af af af af af af af "
                                f" {e}", status=424)
```

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Extended Description: The sensitive information may be valuable information on its own (such as a password), or it may be useful for launching other, more serious attacks. The error message may be created in different ways:

- self-generated: the source code explicitly constructs the error message and delivers it
- externally-generated: the external environment, such as a language interpreter, handles the error and constructs its own message, whose contents are not under direct control by the programmer

An attacker may use the contents of error messages to help launch another, more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of ".." sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query.
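Every snippet above follows the same pattern: the caught exception `e` is interpolated straight into the HTTP body, so whatever the framework placed in `str(e)` (template names, search paths, attribute names) is returned to the client. The following is an added example, not code from roll_cms, showing that pattern next to a hardened form that keeps the same 424 status and user-facing message but moves the exception detail into the server log under a correlation id. It does not import Django; `TemplateDoesNotExist` is a stand-in class and the exception message is a constructed sample.

```python
import logging
import uuid


class TemplateDoesNotExist(Exception):
    """Stand-in for the framework exception (assumption: Django is not imported here)."""


log = logging.getLogger("roll_cms.views")
log.addHandler(logging.NullHandler())


def handle_template_error_vulnerable(exc, roll_id):
    """The pattern reported in the submission: str(exc) is placed in the response body.

    Whatever the framework put into the exception text reaches the client
    unchanged, which is the CWE-209 condition described above."""
    body = (f"RollCSM не нашла шаблон для ролла c id={roll_id}. "
            f"Создайте его. {exc}")
    return {"status": 424, "body": body}


def handle_template_error_hardened(exc, roll_id):
    """Same branch without the exposure.

    The exception detail is logged server-side together with a short
    correlation id; the client receives only the generic message and that id,
    which an operator can use to find the full record in the log."""
    incident_id = uuid.uuid4().hex[:12]
    # repr(exc) keeps type and message for the operator; it never enters the body.
    log.error("template error for roll %s [%s]: %r", roll_id, incident_id, exc)
    body = (f"RollCSM не нашла шаблон для ролла c id={roll_id}. "
            f"Создайте его. (код обращения: {incident_id})")
    return {"status": 424, "body": body, "incident_id": incident_id}


def leaks_detail(response_body, exc):
    """True if any non-trivial token of the exception text appears in the body."""
    tokens = [t for t in str(exc).split() if len(t) > 3]
    return any(t in response_body for t in tokens)


if __name__ == "__main__":
    # Constructed sample: a template name plus a filesystem path of the kind a
    # loader might include in its message. The path is made up for this example.
    sample = TemplateDoesNotExist(
        "roll/42.html (tried: /srv/roll_cms/templates/roll/42.html)")
    bad = handle_template_error_vulnerable(sample, 42)
    good = handle_template_error_hardened(sample, 42)
    print("vulnerable body leaks detail:", leaks_detail(bad["body"], sample))
    print("hardened body leaks detail:  ", leaks_detail(good["body"], sample))
```

The status code and the Russian user-facing text are kept exactly as in the submission so the change is limited to where the exception detail goes; the `leaks_detail` helper is a simple check one can run over any handler's output to confirm that nothing from `str(e)` survives into the body.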
Source: https://github.com/erjemin/roll_cms/issues/1
User: zihe (UID 56943)
Submission: 08/31/2024 15:42 (2 years ago)
Moderation: 09/07/2024 08:40 (7 days later)
Status: Accepted
VulDB entry: 276801 [erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9 views.py information exposure]
Points: 20
