What is GHSA-85r2-pvg8-89r9?

GHSA-85r2-pvg8-89r9 is a security advisory published by GitHub Security Advisories with Medium severity. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This...

Which CVE IDs does GHSA-85r2-pvg8-89r9 cover?

GHSA-85r2-pvg8-89r9 covers the following CVE IDs: CVE-2026-34905. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-85r2-pvg8-89r9?

GHSA-85r2-pvg8-89r9 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-85r2-pvg8-89r9MediumCVSS 6.5

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This...

Vendor

GitHub Security Advisories

Published

June 9, 2026

Last Modified

June 9, 2026

🔗 CVE IDs covered (1)

CVE-2026-34905 →

📋 Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer.

This issue affects Apache Answer: through 2.0.0.

The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Users are recommended to upgrade to version 2.0.1, which fixes the issue.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-34905
https://lists.apache.org/thread/khxoft96sptr2kh0cpzgw7f6qwv0ltcf
http://www.openwall.com/lists/oss-security/2026/06/09/2
https://github.com/advisories/GHSA-85r2-pvg8-89r9