Primary

Context

Apache Answer Exposure of Private Information Vulnerability in Revision API

Vulnerability

A vulnerability allowing the exposure of private personal information to unauthorized users has been identified in Apache Answer versions prior to 1.7.1. This issue arises from an unauthenticated API endpoint that improperly reveals the full revision history of deleted content, enabling unauthorized users to access restricted or sensitive information.

Impact

Exploitation of this vulnerability allows unauthorized users to access private personal information and sensitive revision history of deleted content.

Remediation

Users are advised to upgrade to Apache Answer version 2.0.0 or later, which addresses this vulnerability.

Added: Feb 4, 2026, 11:18 AM

Updated: Feb 4, 2026, 4:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Answer Exposure of Private Information Vulnerability in Revision API

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating