CVE-2024-52291: Craft CMS Sensitive Configuration Exposure

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | php
greprules fetch cve-2024-52291-craftcms-sensitive-configuration-exposure --engine opengrep

Description

Sensitive Craft CMS control panel configuration keys such as 'cpTrigger' and 'baseCpUrl' are exposed without first checking whether the current request is a Control Panel request. This leaks administrative routing details to frontend visitors. Guard the exposure with a check such as `if ($request->getIsCpRequest())`.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
