
1836 matches found

Vulnrichment
added 2024/04/17 11:10 p.m. · 16 views

CVE-2023-4509

It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt...

CVSS 4.3 · AI score 6.9 · EPSS 0.00121
Exploits 0 · References 1

Positive Technologies
added 2024/04/17 12:0 a.m. · 2 views

PT-2024-13214 · Octopus Deploy +1 · Octopus Server

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue allows an API key to be logged in clear text in the audit log file after an invalid login attempt. Recommendations: At the moment, there is no information about a newer version...

CVSS 4.3 · AI score 6.1 · EPSS 0.00121
Exploits 0 · References 5

WPVulnDB
added 2024/04/17 12:0 a.m. · 15 views

Download IP2Location Country Blocker < 2.34.3 - Cross-Site Request Forgery

Description: The Download IP2Location Country Blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.34.2. This is due to missing or incorrect nonce validation on the validateapikey function. This makes it possible for unauthenticated attackers...

CVSS 8.8 · AI score 6.4 · EPSS 0.00171
Exploits 0 · References 1 · Affected Software 1

NOZOMI
added 2024/04/10 12:0 a.m. · 3 views

Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1

Summary: Audit records for OpenAPI requests may include sensitive information. Impact: Unauthorized access, privilege escalation. Mitigation: Nozomi Networks recommends creating specific users for OpenAPI usage, with only the necessary permissions to access the required data sources. Additionally, i...

CVSS 7.5 · AI score 6.8 · EPSS 0.0014
Exploits 0 · Affected Software 2

NVD
added 2024/04/09 7:15 p.m. · 9 views

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 · AI score 5.2 · EPSS 0.02631
Exploits 0 · References 2

OSV
added 2024/04/09 7:15 p.m. · 1 views

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 2

Cvelist
added 2024/04/09 6:58 p.m. · 17 views

CVE-2023-6777 WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 5.3 · AI score 5.5 · EPSS 0.02631
Exploits 0 · References 2

Vulnrichment
added 2024/04/09 6:58 p.m. · 12 views

CVE-2023-6777 WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 5.3 · AI score 7.2 · EPSS 0.02631
Exploits 0 · References 2

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-15080 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions up to, and including, 9.0.34. Description: The issue allows unauthenticated attackers to obtain the developer's Google API key due to the plugin adding the API key to several plugin files. This does not...

CVSS 6.5 · AI score 9.5 · EPSS 0.02631
Exploits 0 · References 7

Redos
added 2024/04/05 12:0 a.m. · 34 views

ROS-20240403-14

A vulnerability in the Google Sheets data source of the Grafana monitoring and surveillance platform is related to the failure to handle error messages properly, potentially exposing the Google Sheet API key. Exploitation of the vulnerability could allow an attacker acting remotely to gain acce...

CVSS 8.8 · AI score 7.6 · EPSS 0.36645
Exploits 1

Packet Storm
added 2024/04/05 12:0 a.m. · 734 views

Visual Planning REST API 2.0 Authentication Bypass

Title: SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API. Status: PUBLISHED. Version: 1.0. CVE reference: CVE-2023-49231. Link: https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-003/...

AI score 6.8 · EPSS 0.00833
Exploits 1

Veracode
added 2024/03/29 10:11 a.m. · 11 views

Improper Authorization

org.elasticsearch:elasticsearch is vulnerable to Improper Authorization. The vulnerability is due to the improper validation of API key permissions, allowing a malicious user with a valid API key for a remote cluster configured with new Remote Cluster Security to read arbitrary documents from any...

CVSS 6.5 · AI score 6.5 · EPSS 0.00341
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/03/29 12:0 a.m. · 1 views

WordPress Plugin WP ERP Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 · AI score 7.7 · EPSS 0.03083
Exploits 0 · References 3

RedhatCVE
added 2024/03/27 7:36 p.m. · 66 views

CVE-2024-23451

An incorrect authorization flaw was found in the API key based security model for Remote Cluster Security in the elasticsearch package. A malicious user with a valid API key can leverage this issue to gain access to read any documents from any index in the remote cluster, exposing possible...

CVSS 4.4 · AI score 7 · EPSS 0.00341
Exploits 0 · References 4

Github Security Blog
added 2024/03/27 6:32 p.m. · 29 views

Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 6.5 · AI score 7.1 · EPSS 0.00341
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/03/27 6:32 p.m. · 25 views

GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 4.4 · AI score 5.7 · EPSS 0.00341
Exploits 0 · References 3

NVD
added 2024/03/27 6:15 p.m. · 4 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 6.5 · AI score 5.2 · EPSS 0.00341
Exploits 0 · References 1

OSV
added 2024/03/27 6:15 p.m. · 3 views

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 1

Cvelist
added 2024/03/27 6:3 p.m. · 13 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 4.4 · AI score 5.1 · EPSS 0.00341
Exploits 0 · References 1

CVE
added 2024/03/27 6:3 p.m. · 330 views

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

CVSS 6.5 · AI score 4.7 · EPSS 0.00341
Exploits 0 · References 1 · Affected Software 1