CVE-2021-44862— Sensitive Information store in NSClient logs

Sensitive Information store in NSClient logs

Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

通过日志文件的信息暴露

Netskope 日志信息泄露漏洞

Netskope是美国Netskope公司的一款应用于云环境的威胁防护网关。 Netskope client存在安全漏洞，该漏洞源于通过身份验证的本地攻击者可以查看存储在NSClient日志中的敏感信息导致恶意用户可以使用敏感信息下载数据并冒充其他用户。

N/A

N/A