[//]: # (werk v2)
# Information leak in mknotifyd
key | value
---------- | ---
date | 2024-07-15T11:23:40+00:00
version | 2.4.0b1
class | security
edition | cee
component | notifications
level | 1
compatible | yes
When a notification context is sent to mknotifyd a "result message" is generated
by mknotifyd and sent back so the original site so it can show if there were problems
handling that notification.
This result message could contain secrets that were not meant to be sent to remote sites,
e.g. passwords/secrets.
These secrets were not processed by the remote site but a rough site would have been able
to retrieve these.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.3 Medium
(`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`) and assigned `CVE-2024-6747`.
Show replies by date