Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The King's Temple Church website Leaked Stripe API Key in Public Code Repository
Vulnerability Description
`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
website 信任管理问题漏洞
Vulnerability Description
website是Challenge开源的一个库。包含用于新 DIKULAN 网站(不依赖 Joomla)的文件。 website 0.1.0版本存在信任管理问题漏洞,该漏洞源于存在敏感信息暴露,攻击者利用该漏洞可以访问敏感的客户信息,从而导致隐私侵犯和潜在的影响。
CVSS Information
N/A
Vulnerability Type
N/A