GHSA-h6w8-27ph-c385: Leantime has Insufficiently Protected Credentials

February 21, 2025

Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore.

Additional Information:

1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security. 3.Urgent action is recommended to mitigate this vulnerability and protect user data from unauthorized access.

References

github.com/Leantime/leantime
github.com/Leantime/leantime/security/advisories/GHSA-h6w8-27ph-c385
github.com/advisories/GHSA-h6w8-27ph-c385

Detect and mitigate GHSA-h6w8-27ph-c385 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →