An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-15T20:48:17
Updated: 2024-08-04T11:06:10.117Z
Reserved: 2020-03-15T00:00:00
Link: CVE-2020-10591
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-15T21:15:11.880
Modified: 2024-11-21T04:55:39.360
Link: CVE-2020-10591
Redhat
No data.