CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).

Product Status

Learn more

Information not provided

References 2 Total

seclists.org: 20180924 [SYSS-2018-016] Postman - Improper Certificate Validation
external site
mailing-list
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-016.txt
external site

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

seclists.org: 20180924 [SYSS-2018-016] Postman - Improper Certificate Validation
external site
mailing-listx_transferred
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-016.txt
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 2 Total

CVE Program

References 2 Total