module
Listmonk Insecure Sprig Template Functions Environment Disclosure
| Disclosed |
|---|
| Jun 8, 2025 |
Disclosed
Jun 8, 2025
Description
This module exploits insecure Sprig template functions in Listmonk
versions prior to v5.0.2. The env and expandenv functions are enabled
by default, allowing authenticated users with campaign permissions to
extract sensitive environment variables via campaign preview.
versions prior to v5.0.2. The env and expandenv functions are enabled
by default, allowing authenticated users with campaign permissions to
extract sensitive environment variables via campaign preview.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.