GHSA-rqcc-h287-275cHighCVSS 7.5
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that...
🔗 CVE IDs covered (1)
📋 Description
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.