Impact
An information disclosure flaw exists in the configuration endpoint of whoogle-search version 1.2.3, where a specially crafted GET request can reveal sensitive data. The vulnerability is classified as CWE-200, indicating improper information protection. Attackers can retrieve confidential settings or internal data that should be hidden from unauthorized users.
Affected Systems
The flaw affects installations of Ben Busby whoogle-search v1.2.3. No other versions or vendors are listed in the available data.
Risk and Exploitability
The CVSS score of 7.5 marks the flaw as high severity. The EPSS score is below 1%, suggesting a low probability of exploitation at present, and the vulnerability is not currently registered in the CISA KEV catalog. The likely attack path is a remote attacker sending a crafted HTTP GET request to the exposed configuration endpoint, assuming no authentication or access restrictions are in place.
OpenCVE Enrichment