Description

Sensitive information stored in the source code. It is determined that non-JSON Apache Lucene queries are enabled on the Cloudant database server.

Impact

Obtain information from the logs in the database, which in turn contain sensitive user data.

Recommendation

- Securely configure the vulnerable service so that it can only be accessed by authorized users. - Disable queries via Query Parser.

Threat

Authorized attacker using the credentials stored in the source code from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes