CVE-2018-20243

HIGH

Fineract - Info Disclosure

Title source: llm

Description

The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.

References (1)

[Exploit, Mailing List, Patch, Third Party Advisory] https://lists.apache.org/thread.html/r040d46835aff3c192656b549ca82f62d87fb044ef9a9dd49408b49b4%40%3Cdev.fineract.apache.org%3E

Scores

CVSS v3 7.5

EPSS 0.0068

EPSS Percentile 71.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (4)

apache/fineract < 1.3.0

apache/fineract

Timeline

Published Oct 13, 2020

Tracked Since Feb 18, 2026