CVE-2018-18655

MEDIUM

Prayer < 1.3.5 - Unauthenticated Exposure of Sensitive Information via Referer Header

Title source: llm

Description

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.

References (2)

Core References
Issue Tracking, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://bugs.debian.org/911842

Scores

CVSS v3: 4.3
EPSS: 0.0084
EPSS Percentile: 53.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): prayer_project/prayer < 1.3.5
Published: Oct 26, 2018
Tracked Since: Feb 18, 2026