Information disclosure in content hub
Summary
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR may allow an authenticated low-privileged user to read Connector passwords in plaintext via HTTP responses.
Version | Affected | Solution |
---|---|---|
FortiSOAR 7.3 | 7.3.0 | Upgrade to 7.3.1 or above |
FortiSOAR 7.2 | 7.2 all versions | Migrate to a fixed release |
FortiSOAR 7.0 | 7.0 all versions | Migrate to a fixed release |
Acknowledgement
Fortinet is pleased to thank James Cato from New Zealand Police for reporting this vulnerability under responsible disclosure.
Timeline
2024-05-14: Initial publication