CVE-2018-9160: SiCKRAGE Discloses Plaintext Credentials

May 13, 2022 (updated October 22, 2024)

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

References

github.com/SickRage/SickRage
github.com/SickRage/SickRage/commit/8156a74a68aea930d1e1047baba8b115c3abfc44
github.com/advisories/GHSA-jrcv-3c5h-rh3q
github.com/pypa/advisory-database/tree/main/vulns/sickrage/PYSEC-2018-101.yaml
nvd.nist.gov/vuln/detail/CVE-2018-9160
www.exploit-db.com/exploits/44545

Code Behaviors & Features

Detect and mitigate CVE-2018-9160 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →