CVE-2020-29041 — MEDIUM (5.3)

Vulnerability Description

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sesame-System	Web-Sesame	2020.1.1.3375

References

https://blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-ExploitThird Party Advisory
https://blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sExploitThird Party Advisory
https://blog.bssi.fr/source-code-vulnerability-disclosure-discovered-in-the-web-ExploitThird Party Advisory
https://blog.bssi.fr/vulnerabilite-de-divulgation-de-code-source-identifiee-au-sExploitThird Party Advisory

FAQ

What is CVE-2020-29041?

CVE-2020-29041 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript...

How severe is CVE-2020-29041?

CVE-2020-29041 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29041?

Check the references section above for vendor advisories and patch information. Affected products include: Sesame-System Web-Sesame.