Password Logging Vulnerability in ProjectSend by ProjectSend
CVE-2019-11492

7.5 HIGH

Key Information:

Vendor
CVE Published: 26 April 2019

What is CVE-2019-11492?

A security flaw in ProjectSend allows sensitive user passwords to be inadvertently written to server logs, posing a significant risk to user data confidentiality. The vulnerability affects all versions of ProjectSend released prior to r1070. Attackers or unauthorized users may therefore gain access to sensitive information if proper logging containment measures are not in place.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
