Apache Answer Sensitive Information Exposure Vulnerability in Unlisted Questions

Vulnerability

A vulnerability allowing exposure of sensitive information to unauthorized users has been identified in Apache Answer versions prior to 2.0.0. The issue arises because the unlisted question feature failed to apply access restrictions on direct API endpoints. This oversight enabled authenticated users to discover and access unlisted questions, along with their answers, comments, and revision history.
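The access-control pattern that closes this class of gap, shown as an added Go example that is not Apache Answer's own code: every direct-by-ID fetch of a question or its answers, comments, or revisions passes through one visibility gate. The types, the `Fetch` and `authorize` names, and the policy (only the author and moderators may view an unlisted question) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration; not Apache Answer's real data model.
type User struct {
	ID        string
	Moderator bool
}

type Question struct {
	ID, AuthorID string
	Unlisted     bool
}

var ErrNotFound = errors.New("not found")

type Store map[string]Question

// authorize is the single visibility gate. Assumed policy: an unlisted
// question is visible only to its author and to moderators.
func (s Store) authorize(u User, qid string) (Question, error) {
	q, ok := s[qid]
	if !ok || (q.Unlisted && u.ID != q.AuthorID && !u.Moderator) {
		// Same error for "missing" and "hidden" so IDs cannot be probed.
		return Question{}, ErrNotFound
	}
	return q, nil
}

// Fetch serves a direct-by-ID request for the question or a child resource.
// Every kind goes through authorize, so children inherit parent visibility.
func (s Store) Fetch(u User, qid, kind string) (string, error) {
	q, err := s.authorize(u, qid)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s of %s", kind, q.ID), nil
}

func main() {
	s := Store{"q1": {ID: "q1", AuthorID: "alice", Unlisted: true}} // constructed sample data
	for _, kind := range []string{"question", "answers", "comments", "revisions"} {
		_, err := s.Fetch(User{ID: "bob"}, "q1", kind)
		fmt.Println(kind, "as bob:", err)
	}
}
```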

Impact

Exploitation of this vulnerability allows authenticated users to access unlisted questions and their associated content, including answers, comments, and revision history, without proper authorization.

Remediation

Users are advised to upgrade to Apache Answer version 2.0.1 or later, which addresses this vulnerability.

Added: Jun 9, 2026, 9:29 AM
Updated: Jun 9, 2026, 9:29 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.