Bitrix Site Manager updater.log Remote Information Disclosure
Remote / Network Access
Loss of Confidentiality
Bitrix Site Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the "/bitrix/updates/updater.log" file is requested, which will disclose information about version history and the latest installed version resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.