CVE-2018-20243
HIGH
Apache Fineract 1.0.0-1.2.9 - Credential Exposure via URL Parameters
Title source: llm
Description
The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in Fineract Jira issues 726 and 629.
References (1)
Core References
Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://lists.apache.org/thread.html/r040d46835aff3c192656b549ca82f62d87fb044ef9a9dd49408b49b4%40%3Cdev.fineract.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0068
EPSS Percentile
71.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (4)
apache/fineract: 0.4.0 incubating
apache/fineract: 0.5.0 incubating
apache/fineract: 0.6.0 incubating
apache/fineract: 1.0.0 - 1.3.0
Published
Oct 13, 2020
Tracked Since
Feb 18, 2026