CVE-2018-8947: Cleartext Storage of Sensitive Information

March 25, 2018 (updated October 3, 2019)

rap2hpoutre Laravel Log Viewer relies on Base64 encoding, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a download request.

References

nvd.nist.gov/vuln/detail/CVE-2018-8947
www.exploit-db.com/exploits/44343/

Detect and mitigate CVE-2018-8947 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →