This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: A direct request to `/script/.env` leaks the sensitive configuration data the file contains. **Consequences**: Full system compromise, access to tenant databases, and takeover of the email infrastructure.
Q2. Root Cause? (CWE/Flaw)
**Root Cause**: Information disclosure via insecure file access. The `.env` file is served directly by the web server, exposing the secrets it holds. (CWE not specified in data.)
**Attacker Actions**: 1. Bypass authentication via session token forgery using the leaked secrets. 2. Access **all tenant databases**. 3. Take over the **email infrastructure**. 4. Gain complete control of the system.
Q5. Is the exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. CVSS: `AV:N` (Network), `AC:L` (Low Complexity), `PR:N` (No Privileges), `UI:N` (No User Interaction). Easy to exploit remotely.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Exploit Status**: No public PoC listed in the data (`pocs: []`). However, a GitHub advisory exists. Exploitation in the wild is plausible given the low barrier.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Issue a direct HTTP GET request for `/script/.env` against your own deployment and check whether the server returns environment variables or configuration secrets rather than an error page. Automated scanners for `.env` exposure can cover this check across many hosts.
**Workaround**: Block direct access to `/script/.env` (and `.env` files in general) via a Web Application Firewall (WAF) or the Nginx/Apache configuration. Restrict filesystem permissions on the file. Rotate all exposed credentials immediately.
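The self-check and workaround above, turned into a small defensive script. This is an added example, not code from the analysis or the affected project: it fetches `/script/.env` from a base URL you supply (your own deployment), decides heuristically whether the body reads like a dotenv file rather than an error page, and lists the names of sensitive-looking keys so you know what to rotate. The heuristic, the key-name patterns and the sample bodies are constructed assumptions, not taken from any real host.

```python
"""Defensive self-check: does this deployment serve /script/.env as a dotenv file?"""
import re
import sys
import urllib.error
import urllib.request

# A dotenv body is mostly KEY=VALUE lines (optionally "export KEY=..."), plus comments.
ENV_LINE = re.compile(r"^\s*(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=")
# Substrings that mark a key as a credential worth rotating (assumed list, extend as needed).
SENSITIVE_KEYS = ("APP_KEY", "PASSWORD", "SECRET", "TOKEN")


def looks_like_dotenv(body: str, min_lines: int = 3) -> bool:
    """True if the response body reads like a dotenv file instead of an HTML error page."""
    lowered = body.lower()
    if "<html" in lowered or "<!doctype" in lowered:
        return False
    lines = [ln for ln in body.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) < min_lines:
        return False
    env_lines = sum(1 for ln in lines if ENV_LINE.match(ln))
    return env_lines / len(lines) >= 0.8


def exposed_secret_keys(body: str) -> list:
    """Names (never values) of sensitive-looking keys in a leaked dotenv body: the rotation list."""
    keys = []
    for line in body.splitlines():
        if not ENV_LINE.match(line):
            continue
        name = line.split("=", 1)[0].strip()
        if name.startswith("export "):
            name = name[len("export "):].strip()
        if any(tag in name.upper() for tag in SENSITIVE_KEYS):
            keys.append(name)
    return keys


def check_url(base_url: str, path: str = "/script/.env", timeout: float = 5.0) -> dict:
    """Fetch base_url + path and report whether it appears to expose a dotenv file."""
    url = base_url.rstrip("/") + path
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(65536).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:  # 403/404 etc. means the file is not served
        return {"url": url, "status": err.code, "exposed": False, "keys": []}
    except (urllib.error.URLError, OSError) as err:
        return {"url": url, "status": None, "exposed": False, "keys": [], "error": str(err)}
    exposed = status == 200 and looks_like_dotenv(body)
    return {"url": url, "status": status, "exposed": exposed,
            "keys": exposed_secret_keys(body) if exposed else []}


# Constructed sample responses (not captured from any real host) for offline use.
SAMPLE_LEAK = """APP_NAME=Example
APP_KEY=base64:EXAMPLE_PLACEHOLDER
DB_HOST=127.0.0.1
DB_PASSWORD=example-not-real
MAIL_PASSWORD=example-not-real
"""
SAMPLE_ERROR_PAGE = "<!DOCTYPE html><html><body><h1>404 Not Found</h1></body></html>"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_url(sys.argv[1]))  # e.g. python selfcheck.py https://your-own-host
    else:
        print("leak sample :", looks_like_dotenv(SAMPLE_LEAK), exposed_secret_keys(SAMPLE_LEAK))
        print("error page  :", looks_like_dotenv(SAMPLE_ERROR_PAGE))
```

If `exposed` comes back true, the corresponding Nginx rule for the workaround is a location block that matches `/\.env` and answers `deny all;` (or returns 404) before the application sees the request; every key the script lists must then be rotated, since a 200 response means the values are already in the hands of anyone who asked.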
Q10. Is it urgent? (Priority Suggestion)
**Urgency**: **CRITICAL**. The CVSS vector implies high impact (`C:H`, `I:H`). Immediate action is required to prevent a data breach and system takeover. Patch or mitigate as soon as possible.