Information Disclosure Vulnerability in OneNav 0.9.12

Information Disclosure Vulnerability in OneNav 0.9.12

CVE-2021-38712 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.

Learn more about our Cis Benchmark Audit For Nginx.