CVE-2023-46240

Published: Oct 31, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.

Affected (1)

Products: Codeigniter: Codeigniter

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codeigniter Codeigniter	Before 4.4.3

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (6)

https://codeigniter4.github.io/userguide/general/errors.html#error-reporting

Source: security-advisories@github.com

Product

https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563

Source: security-advisories@github.com

Patch

https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj

Source: security-advisories@github.com

Vendor Advisory

https://codeigniter4.github.io/userguide/general/errors.html#error-reporting

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.