CVE-2024-38761

Published: Aug 1, 2024Modified: Feb 11, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.99.

Affected (1)

Products: Zephyr One: Zephyr Project Manager

Zephyr One

1 product

Zephyr Project Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zephyr One Zephyr Project Manager	Before 3.3.100

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://patchstack.com/database/vulnerability/zephyr-project-manager/wordpress-zephyr-project-manager-plugin-3-3-99-sensitive-data-exposure-via-export-file-vulnerability?_s_id=cve

Source: audit@patchstack.com

Third Party Advisory

Timeline

No history available yet.