An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component
Metrics
Affected Vendors & Products
References
History
Sat, 11 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OneBlog 2.3.9 Sensitive Information Disclosure via Misconfigured REST API |
Fri, 10 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OneBlog 2.3.9 Sensitive Information Disclosure via Misconfigured REST API |
Thu, 09 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Remote Information Disclosure in Oneblog V2.3.9 via REST API Components | |
| Weaknesses | CWE-200 |
Wed, 08 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Remote Information Disclosure in Oneblog V2.3.9 via REST API Components | |
| Weaknesses | CWE-200 |
Wed, 08 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-306 | |
| Metrics |
cvssV3_1
|
Wed, 08 Jul 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zhangyd-c
Zhangyd-c oneblog |
|
| Vendors & Products |
Zhangyd-c
Zhangyd-c oneblog |
Tue, 07 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published: 2026-07-07T00:00:00.000Z
Updated: 2026-07-08T14:17:11.579Z
Reserved: 2026-06-08T00:00:00.000Z
Link: CVE-2026-51937
Updated: 2026-07-08T14:16:30.293Z
No data.
No data.