DOM Customer Portal / Security / Sensitive Data Disclosure Vulnerability

Sensitive Data Disclosure Vulnerability (DOPPLER-SA-0001)


Summary

It was found that an authenticated user with group.edit privileges could move a group to a parent group the user did not have access to. Potentially exposing group specific configuration templates, settings and other privileged information.

Remediation

Customers should update to v22.12 or later.

Affected Versions

  • v22.09.13 and earlier versions of Doppler

Advisory Details

Severity

3.8 Low

Discovered

Oct 24, 2022

Published

Dec 22, 2022

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N