CVE-2025-70029

High CVSS: 7.5

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options

Vendor

Sunbird

Product

Sunbirded-portal

CWE

CWE-295

Yayın Tarihi

2026-02-11 18:16:06

Güncelleme

2026-04-01 15:29:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-295 Sunbirded-portal HIGH Sunbird 2026

Referanslar

https://gist.github.com/zcxlighthouse/e662c8316f98a1c72735cda4f6bfcfe6 https://github.com/Sunbird-Ed https://github.com/Sunbird-Ed/SunbirdEd-portal

Benzer Kayıtlar

High

CVE-2025-70027

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This…

High

CVE-2025-70028

An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discov…

High

CVE-2025-70030

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd…

High

CVE-2025-70031

An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Medium

CVE-2025-70032

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Medium

CVE-2025-70033

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed…