Description

Chrome Logger is a Google Chrome extension for debugging server side applications in the Chrome console. When enabled, the server side component will return headers named X-ChromePhp-Data or X-ChromeLogger-Data. The value of these headers contains possible sensitive information and should not be present in production systems.

Remediation

Disable debugging helpers in production systems.

References

Chrome Logger

Related Vulnerabilities

WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)

[Possible] Internal Path Disclosure (Windows)

GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability

Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure