CVE-2020-29041
Published: 06 January 2021
Summary
CVE-2020-29041 is a medium-severity vulnerability of unspecified weakness type in Sesame-System Web-Sesame. Its CVSS base score is 5.3 (Medium).
Operationally, it is ranked in the top 27.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-21423
Vulnerability details
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments.
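A release-gate check for the exposure described above, as an added example that is not part of the original record or of Web-Sesame's code: it flags source map files, `sourceMappingURL` references, and inline maps in build output before deployment. The input shape (path mapped to file text), the function names, and the sample build are assumptions constructed for illustration.

```javascript
// Added example: release gate that finds source map exposure in build output.
// Input shape { "path": "file text" } and the sample build are constructed.
const MAP_COMMENT = /\/[\/*][#@]\s*sourceMappingURL=([^\s*'"]+)/g;
const INLINE_MAP = /^data:application\/json[^,]*;base64,(.+)$/;

// Classify one source map: does it only exist, or does it embed original sources?
function describeMap(path, text) {
  let map = null;
  try { map = JSON.parse(text); } catch { /* unparseable .map is still reported */ }
  const sources = map && Array.isArray(map.sources) ? map.sources.length : 0;
  const embedded = Boolean(map) && Array.isArray(map.sourcesContent) &&
    map.sourcesContent.some((s) => typeof s === "string" && s.length > 0);
  return { path, issue: embedded ? "map-with-sources" : "map-file", sources };
}

// Walk every artifact: standalone .map files, map references, inline maps.
function auditBuild(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith(".map")) { findings.push(describeMap(path, text)); continue; }
    if (!/\.(js|mjs|css)$/.test(path)) continue;
    for (const m of text.matchAll(MAP_COMMENT)) {
      const inline = INLINE_MAP.exec(m[1]);
      if (inline) {
        const json = Buffer.from(inline[1], "base64").toString("utf8");
        findings.push(describeMap(path + " (inline)", json));
      } else {
        findings.push({ path, issue: "map-reference", target: m[1] });
      }
    }
  }
  return findings;
}

// Constructed sample build: one bundle ships its map, one is clean.
const SAMPLE_BUILD = {
  "dist/app.js": "console.log(1);\n//# sourceMappingURL=app.js.map\n",
  "dist/app.js.map": JSON.stringify({
    version: 3, sources: ["webpack:///src/api.js"],
    sourcesContent: ["// TODO rotate key\nconst KEY = 'PLACEHOLDER';"],
    mappings: "AAAA",
  }),
  "dist/vendor.js": "console.log(2);\n",
};

const findings = auditBuild(SAMPLE_BUILD);
console.log(findings.length ? findings : "no source maps in build output");
```

Any finding should fail the production release; in Webpack, source map generation is controlled by the `devtool` option, which can be set to `false` for production builds.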
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.