
1826 matches found

NVD
added 2023/03/13 10:15 p.m. · 10 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

7.4 CVSS · 7.3 AI score · 0.83743 EPSS
Exploits: 1 · References: 2
Prion
added 2023/03/13 10:15 p.m. · 11 views

Cross site request forgery (csrf)

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

4 CVSS · 6.3 AI score · 0.83743 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Japan Vulnerability Notes
added 2023/03/13 12:0 a.m. · 34 views

JVN#64453490: Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service (CWE-798). Impact: The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.8 CVSS · 7.4 AI score · 0.00042 EPSS
Exploits: 0
Positive Technologies
added 2023/03/13 12:0 a.m. · 3 views

PT-2023-21228 · Google · Google Cloud Api +1

Name of the Vulnerable Software and Affected Versions: ReadtoMyShoe versions prior to commit 8533b01. Description: The issue arises when an error occurs while adding an article to the web app, resulting in an error message that includes sensitive information. Specifically, if the error is related ...

7.4 CVSS · 6.4 AI score · 0.83743 EPSS
Exploits: 1 · References: 8
Cvelist
added 2023/03/13 12:0 a.m. · 18 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

7.4 CVSS · 7.5 AI score · 0.83743 EPSS
Exploits: 1 · References: 2
OSV
added 2023/03/13 12:0 a.m. · 17 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

7.4 CVSS · 6.6 AI score · 0.83743 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2023/03/13 12:0 a.m. · 10 views

CVE-2023-27587

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google...

7.4 CVSS · 7.3 AI score · 0.83743 EPSS
Exploits: 1 · References: 2
CVE
added 2023/03/13 12:0 a.m. · 56 views

CVE-2023-27587

ReadtoMyShoe (RTMS) is affected by CVE-2023-27587. When an article-adding error occurs, the TTS request URL may leak the Google Cloud API key in the full URL. A PoC demonstrates the leaked key in the error output; the issue is tied to pre-8533b01 behavior. The advisory notes that this has been pa...

7.4 CVSS · 6.3 AI score · 0.83743 EPSS
In wild · Exploits: 1 · References: 2 · Affected Software: 1
Veracode
added 2023/03/12 4:42 a.m. · 24 views

Information Disclosure

netdata is vulnerable to Information Disclosure. Netdata Agents have an automatically generated MACHINE GUID that is saved to disk and can persist across restarts and reboots. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading childre...

9.1 CVSS · 8.7 AI score · 0.00116 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/03/09 8:15 p.m. · 0 views

UBUNTU-CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

5.5 CVSS · 5.7 AI score · 0.00419 EPSS
Exploits: 0 · References: 5
Prion
added 2023/03/09 8:15 p.m. · 15 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

4.7 CVSS · 4.2 AI score · 0.00419 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2023/03/09 12:0 a.m. · 85 views

CVE-2023-0483

GitLab CVE-2023-0483 affects versions from 12.1 before 15.7.8, from 15.8 before 15.8.4, and from 15.9 before 15.9.2. The flaw allows a project maintainer to extract a Datadog integration API key by modifying the site. The initial description lists affected versions and the leakage of a Datadog API key; no concre...

5.5 CVSS · 4 AI score · 0.00419 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Debian CVE
added 2023/03/09 12:0 a.m. · 15 views

CVE-2023-0483

Removed by vendor...

5.5 CVSS · 5.8 AI score · 0.00419 EPSS
Exploits: 0
Vulnrichment
added 2023/03/09 12:0 a.m. · 7 views

CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

5.5 CVSS · 5.2 AI score · 0.00419 EPSS
Exploits: 0 · References: 3
OSV
added 2023/03/09 12:0 a.m. · 13 views

CVE-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

5.5 CVSS · 5.1 AI score · 0.00419 EPSS
Exploits: 0 · References: 5
CNNVD
added 2023/03/07 12:0 a.m. · 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the fact that a...

5.5 CVSS · 5.1 AI score · 0.00419 EPSS
Exploits: 0 · References: 5
Kitploit
added 2023/03/04 11:30 a.m. · 49 views

X-force - IBM Security Utilitary Library In Python. Search And Query All Sources: Threat_Activities And Groups, Malware_Analysis, Industries

IBM Security X-FORCE Exchange library in Python 3. Search: threatactivities, threatgroups, malwareanalysis, collector and industries. Install: pip3 install XForce. Use: using your API key, make a basic authentication. Then make a base64 code → Key + : + Password: printf...

7.4 AI score
Exploits: 0 · References: 1
Tenable Nessus
added 2023/03/03 12:0 a.m. · 35 views

GitLab 12.1 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2023-0483)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was...

5.5 CVSS · 5.2 AI score · 0.00419 EPSS
Exploits: 0 · References: 4
FreeBSD
added 2023/03/02 12:0 a.m. · 39 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Stored XSS via Kroki diagram; Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings; Improper validation of SSO and SCIM tokens while managing groups; Maintainer can leak Datadog API key by changing Datadog site...

8.7 CVSS · 5.1 AI score · 0.56506 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2023/02/23 12:0 a.m. · 3 views

CVE-2023-26468

Cerebrate 1.12 does not properly consider organisationid during creation of API keys...

9.3 AI score · 0.003 EPSS
Exploits: 0 · References: 1