Information disclosure when trying to delete an expense's attachment on m.mavenlink.com
Medium
M
Mavenlink
Submitted None
Team Summary
Official summary from Mavenlink
There was an information disclosure vulnerability in a particular error message on the mobile site. Using this vulnerability, it was possible to gain access to the filename of certain un-owned attachments.
Actions:
Reported by
aroly
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure