High severity8.1NVD Advisory· Published Sep 26, 2018· Updated Jun 17, 2026
CVE-2018-17215
CVE-2018-17215
Description
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=6.3.0
Patches
Vulnerability mechanics
References
2- seclists.org/bugtraq/2018/Sep/56nvdExploitMailing ListThird Party Advisory
- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-016.txtnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.