CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionNVD
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.
AnalysisAI
Webpushr web push notification plugin versions 4.38.0 and earlier expose sensitive embedded system data to unauthorized parties through an information disclosure vulnerability. An unauthenticated remote attacker can retrieve this sensitive information without user interaction, potentially compromising system configuration details and credentials. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running Webpushr and assess data sensitivity; disable web push features if not business-critical. Within 7 days: Implement network segmentation to restrict Webpushr access, deploy WAF rules to block suspicious requests, and monitor logs for exploitation attempts. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today