GHSA-h6w8-27ph-c385

Source

https://github.com/advisories/GHSA-h6w8-27ph-c385

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-h6w8-27ph-c385/GHSA-h6w8-27ph-c385.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-h6w8-27ph-c385

Published

2025-02-21T22:15:19Z

Modified

2025-02-21T22:28:19.981237Z

Severity

5.7 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Leantime has Insufficiently Protected Credentials

Details

Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore.

Additional Information:

1.The issue was identified during routine security testing.
2.This vulnerability poses a significant risk to user privacy and data security.
3.Urgent action is recommended to mitigate this vulnerability and protect user data from unauthorized access.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-21T22:15:19Z",
    "severity": "MODERATE",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-522"
    ]
}

References

Affected packages

Packagist / leantime/leantime

Package

Name: leantime/leantime
Purl: pkg:composer/leantime/leantime

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3

Affected versions

v2.*

v2.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.1-beta

v2.1-beta2

v2.1-beta3

v2.1-beta5

v2.1-beta6

v2.1

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.2.10

v2.2.11

v2.3.0-beta

v2.3.1-beta

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.3.10

v2.3.11

v2.3.12

v2.3.13

v2.3.14

v2.3.15

v2.3.16

v2.3.17

v2.3.18

v2.3.19

v2.3.20

v2.3.21

v2.3.22

v2.3.23

v2.3.24

v2.3.25

v2.3.26

v2.3.27

2.*

2.4-beta

2.4-beta-7

2.4-beta-8

2.4

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.7

2.4.8

3.*

3.0.0-beta

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.1.0-beta

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0-beta

3.2.0-beta-2

3.2.0

3.2.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-h6w8-27ph-c385/GHSA-h6w8-27ph-c385.json"