CVE-2018-20243
HIGHApache Fineract 1.0.0-1.2.9 - Credential Exposure via URL Parameters
Title source: llmDescription
The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.
References (1)
Core 1
Core References
Exploit, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://lists.apache.org/thread.html/r040d46835aff3c192656b549ca82f62d87fb044ef9a9dd49408b49b4%40%3Cdev.fineract.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0267
EPSS Percentile
84.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (4)
apache/fineract
0.4.0 incubating
apache/fineract
0.5.0 incubating
apache/fineract
0.6.0 incubating
apache/fineract
1.0.0 - 1.3.0
Published
Oct 13, 2020
Tracked Since
Feb 18, 2026