CVE-2018-16987

HIGH

Squash TM <1.18.0 - Info Disclosure

Title source: llm

Description

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.

Exploits (1)

nomisec WRITEUP 1 stars

by gquere · poc

https://github.com/gquere/CVE-2018-16987

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Mailing List, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2018/09/13/1

Permissions Required, Vendor Advisory x_refsource_misc

https://ci.squashtest.org/mantis/view.php?id=7553

Scores

CVSS v3 7.2

EPSS 0.0076

EPSS Percentile 73.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-522

Status published

Products (1)

squashtest/squash_tm < 1.18.0

Published Sep 13, 2018

Tracked Since Feb 18, 2026