CVE-2026-31381 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.
Medium CVSS: 5.3

CVE-2026-31381

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.
Vendor
-
Product
-
CWE
CWE-598
Yayın Tarihi
2026-03-20 14:16:14
Güncelleme
2026-03-24 15:54:09
Source Identifier
cve@rapid7.com
KEV Date Added
-

Kategoriler

CWE-598 MEDIUM 2026

Referanslar

http://www.rapid7.com/blog/post/ve-cve-2026-31381-cve-2026-31382-gainsight-assist-information-disclosure-xss-fixed https://communities.gainsight.com/community-news-2/recent-gainsight-assist-plugin-remediations-cve-2026-31381-and-cve-2026-31382-30587