Project: Snowplow Mini
Vulnerability: Access to unsecured endpoint showing collected data
The Snowplow Mini project provides a simplified version of a full pipeline for testing and evaluation purposes.
An issue introduced in version 0.5.0 of the project means that some endpoints provided by an upgraded dependency are not secured via our basic authentication rules, and visitors are not challenged for a username and password.
If you’re using Mini for testing purposes as designed and are not storing user data, the risk of this vulnerability is minimal. If you are using Mini to collect user data, we advise that you upgrade immediately.
We have released version 0.6.3 with a fix for this issue.
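One way to confirm that the endpoints on your own instance challenge for credentials, before or after upgrading, is the following added example (not Snowplow's code). The advisory does not name the affected endpoints, so `/protected` and `/open` are hypothetical paths served by a constructed local stand-in server; substitute your instance's base URL and paths.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Connect directly (ignore proxy env vars) so results reflect the instance itself.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def unchallenged_paths(base_url, paths, timeout=5):
    """Return (path, status) for paths that answer without a 401 Basic challenge."""
    exposed = []
    for path in paths:
        try:
            with _OPENER.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
                status, challenge = resp.status, resp.headers.get("WWW-Authenticate", "")
        except urllib.error.HTTPError as err:
            status, challenge = err.code, err.headers.get("WWW-Authenticate", "")
        if not (status == 401 and challenge.lower().startswith("basic")):
            exposed.append((path, status))
    return exposed


class _DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in server: /protected challenges, /open does not."""

    def do_GET(self):
        if self.path == "/protected":
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def run_demo():
    """Start the stand-in server on a free local port and check both paths."""
    server = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_address[1]
        return unchallenged_paths(base, ["/protected", "/open"])
    finally:
        server.shutdown()
        server.server_close()
```

An empty list from `unchallenged_paths` means every path checked returned a 401 with a Basic challenge; any entry returned is a path that responded without asking for credentials.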
You can find steps to update to 0.6.3 at the links below: