HIGH🇬🇧 English

CVE-2022-32984

CVSS 7.5v3.1pub. 2023-01-31upd. 2025-03-27

BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Btcpayserver Btcpay Server

    APP
    Btcpayserver
    1.3.0 – 1.5.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-29249HIGH7.5ten sam produkt

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.

CVE-2023-1149MEDIUM5.4ten sam produkt

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to...

CVE-2023-0879MEDIUM6.3ten sam produkt

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.

CVE-2023-0493MEDIUM5.3ten sam produkt

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to...

CVE-2021-3830MEDIUM5.4ten sam produkt

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti...