CVE-2018-18655
MEDIUM
Prayer < 1.3.5 - Unauthenticated Exposure of Sensitive Information via Referer Header
Title source: llm
Description
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
References (2)
Core References
Not Applicable x_refsource_misc
https://telescoper.wordpress.com/2018/10/18/a-breakthrough-for-a-bigot/#comment-339386
Issue Tracking, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://bugs.debian.org/911842
Scores
CVSS v3
4.3
EPSS
0.0084
EPSS Percentile
53.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
prayer_project/prayer
< 1.3.5
Published
Oct 26, 2018
Tracked Since
Feb 18, 2026