The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information. An HTTP request to the unprotected API could be used to determine whether an arbitrary file path exists on the filesystem. No authentication is required to perform this exploit.
Access to sensitive information
Inductive Automation Ignition 8 All versions prior to 8.0.13
Inductive Automation recommends users upgrade the Ignition software to v8.0.13