ByteOS Network

CVE Vulnerability Details :

CVE-2023-46240

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-31 Oct, 2023 | 15:03

Updated At-05 Sep, 2024 | 17:36

▼CVE Numbering Authority (CNA)

CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`.

Affected Products

Vendor

codeigniter4

Product

CodeIgniter4

Versions

Affected

< 4.4.3

Problem Types

Type	CWE ID	Description
CWE	CWE-209	CWE-209: Generation of Error Message Containing Sensitive Information

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Hyperlink	Resource
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj	x_refsource_CONFIRM
https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563	x_refsource_MISC
https://codeigniter4.github.io/userguide/general/errors.html#error-reporting	x_refsource_MISC

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj	x_refsource_CONFIRM x_transferred
https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563	x_refsource_MISC x_transferred
https://codeigniter4.github.io/userguide/general/errors.html#error-reporting	x_refsource_MISC x_transferred

2. CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References