EIQ-2018-0019#
ID |
EIQ-2018-0019 (Former ref.: 25757) |
|---|---|
CVE |
- |
Description |
Stack trace information is available to non admin users |
Date |
- |
Severity |
1 - LOW |
CVSSv3 score |
CVSSv3 score not available on NIST NVD. |
Status |
✅ 2.4.0 |
Assessment |
When a platform action or operation fails to correctly execute, a stack trace may be available to help sysadmins troubleshoot the problem. |
Mitigation |
The field with traceback log information should be available only to admin users; it should be empty for non-admin users. From release 2.4.0 the read traceback-logs permission controls read access to the stack trace/traceback. Only roles with this permission, and only users with roles that include this permission, can access traceback information. |
Affected versions |
2.3.1 to 2.3.4 included. |
Notes |
- |