CVE-2020-24227

HIGH

Playground Sessions <2.5.582 - Info Disclosure

Title source: llm

Description

Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.

Exploits (1)

nomisec WRITEUP 9 stars

by nathunandwani · poc

https://github.com/nathunandwani/CVE-2020-24227

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/nathunandwani/CVE-2020-24227

Scores

CVSS v3 7.5

EPSS 0.0062

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

playgroundsessions/playground_sessions < 2.5.582

Timeline

Published Nov 23, 2020

Tracked Since Feb 18, 2026