← back
CVE-2024-28627

CVE-2024-28627

CVSS 7.5 HIGHEPSS 0.4%CWE-603CWE-863
In short

Flipsnack's reader.gz.js file exposes sensitive information that a local attacker can access. This matters because an attacker with access to the same system could steal private data stored in this file.

Technical detail

A local information disclosure vulnerability exists in Flipsnack v.18/03/2024 affecting the reader.gz.js file (CWE-603: Use of Hard-Coded Password, CWE-863: Incorrect Authorization). A local attacker with file-system access can retrieve sensitive information, potentially including credentials or configuration data, due to inadequate access controls or hardcoded secrets.

Summary generated and translated by AI from the official description.
An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://labs.integrity.pt/advisories/cve-2024-28627/https://www.flipsnack.com/