Census CSWeb Information Disclosure Vulnerability in Configuration Files

Vulnerability

A vulnerability in Census CSWeb version 8.0.1 allows the 'app/config' directory to be accessed via HTTP in certain deployments. This exposure enables remote, unauthenticated attackers to send requests for configuration files, potentially leading to the disclosure of sensitive information such as secrets. The issue has been addressed in version 8.1.0 alpha.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of configuration files, which may contain sensitive information like application secrets. Such exposure could facilitate further attacks or compromises.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the 'app/config' directory of a server running Census CSWeb version 8.0.1. This can be done using a web browser or a tool like cURL, without the need for authentication.

Remediation

Users can upgrade to Census CSWeb version 8.1.0 alpha to address this vulnerability.
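To find out whether a deployment has already received or answered requests for the 'app/config' directory, the web server access log can be searched for them. The script below is an added example, not part of the original advisory or of CSWeb. It assumes Apache/nginx Combined Log Format, and the `/csweb` install prefix, the `example.file` name, the function names and all log lines are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def config_path_hit(target):
    """Return the normalised path if the request targets app/config, else None."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode twice so percent-encoded and double-encoded paths are normalised too.
    for _ in range(2):
        path = unquote(path)
    path = normpath("/" + path.replace("\\", "/").lstrip("/")).lower()
    # Match at any depth, since CSWeb may be installed under a sub-directory.
    segments = path.strip("/").split("/")
    for i in range(len(segments) - 1):
        if segments[i] == "app" and segments[i + 1] == "config":
            return path
    return None

def scan(lines):
    """Yield (host, time, path, status, served) for requests touching app/config."""
    for line in lines:
        m = LOG_RE.match(line)
        path = config_path_hit(m["target"]) if m else None
        if path is None:
            continue
        status = int(m["status"])
        # 2xx means content was returned; 304 means the client already held a copy.
        served = 200 <= status < 300 or status == 304
        yield m["host"], m["time"], path, status, served

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [23/Mar/2026:10:01:12 +0000] "GET /csweb/app/config/ HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [23/Mar/2026:10:01:15 +0000] "GET /csweb/app/%63onfig/example.file HTTP/1.1" 200 2048 "-" "curl/8.5.0"',
    '198.51.100.4 - - [23/Mar/2026:10:02:00 +0000] "GET /csweb/App//Config/example.file?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Mar/2026:10:03:00 +0000] "GET /csweb/api/config-help HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit with `served` set to true means a configuration file was returned to the client, so the secrets it contained should be treated as disclosed and rotated after upgrading.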

Added: Mar 23, 2026, 10:47 PM
Updated: Mar 23, 2026, 10:47 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.3
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.