This vulnerability affects the PrestaShop upsshipping module in all versions through at least 2.4.0. It permits a remote attacker to obtain sensitive information by accessing the /modules/upsshipping/logs/ directory and the /modules/upsshipping/lib/UPSBaseApi.php file. The specific nature of the sensitive information is not detailed. No CVSS score or remediation level has been assigned, and no patch information is provided. The vulnerability is publicly disclosed but lacks detailed technical or exploit information.

The impact involves unauthorized disclosure of sensitive information from the upsshipping module of PrestaShop. This could lead to information leakage that may assist attackers in further attacks or compromise privacy. There is no indication of remote code execution or privilege escalation. No known exploits have been reported, and the extent of sensitive data exposure is not specified.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should restrict access to the affected module directories (/modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php) through web server configuration or file permissions to prevent unauthorized access. Monitor vendor channels for updates and apply patches promptly once released.