
1826 matches found

OSV
added 2022/10/28 3:15 p.m. · views: 1

UBUNTU-CVE-2022-3018

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...

CVSS: 6.8 · AI score: 7.3 · EPSS: 0.00167
Exploits: 0 · References: 2

Vulnrichment
added 2022/10/28 12:0 a.m. · views: 5

CVE-2022-3018

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...

CVSS: 6.8 · AI score: 6 · EPSS: 0.00167
Exploits: 0 · References: 2

Positive Technologies
added 2022/10/28 12:0 a.m. · views: 3

PT-2022-20020 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.3 through 15.2.4; GitLab CE/EE versions 15.3 through 15.3.3; GitLab CE/EE versions 15.4 through 15.4.0. Description: An information disclosure issue affects GitLab CE/EE, allowing a project maintainer to access the DataDo...

CVSS: 6.8 · AI score: 5.5 · EPSS: 0.00167
Exploits: 0 · References: 10

Debian CVE
added 2022/10/28 12:0 a.m. · views: 32

CVE-2022-3018

Removed by vendor...

CVSS: 6.8 · AI score: 6.6 · EPSS: 0.00167
Exploits: 0

Prion
added 2022/10/25 5:15 p.m. · views: 10

Design/Logic Flaw

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

CVSS: 1.4 · AI score: 4.9 · EPSS: 0.00032
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2022/10/25 12:0 a.m. · views: 69

CVE-2022-39351

CVE-2022-39351 affects Dependency-Track prior to v4.6.0, where an API request using a valid API key with insufficient permissions could cause the API key to be written in clear text to the audit log. This enables an attacker with audit log access to obtain valid keys. The issue is fixed in v4.6.0...

CVSS: 4.4 · AI score: 4.8 · EPSS: 0.00032
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/10/25 12:0 a.m. · views: 15

CVE-2022-39351 Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

CVSS: 4.4 · AI score: 5.1 · EPSS: 0.00032
Exploits: 0 · References: 5

Vulnrichment
added 2022/10/25 12:0 a.m. · views: 9

CVE-2022-39351 Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

CVSS: 4.4 · AI score: 4.9 · EPSS: 0.00032
Exploits: 0 · References: 3

Hacker One
added 2022/10/16 10:5 p.m. · views: 19

Automattic: Akismet API keys are exposed by authentication method

We have switched to sending the Akismet API key as part of the request body by default. At the time of this report, Akismet API keys used formed part of the subdomain request to Akismet’s backend in the form api-key.rest.akismet.com. This means that the API key is transmitted over DNS - a protoco...

AI score: 0.5
Exploits: 0

RedhatCVE
added 2022/10/14 5:59 a.m. · views: 93

CVE-2022-31130

A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to GitLab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker...

CVSS: 7.5 · AI score: 2.7 · EPSS: 0.00378
Exploits: 0 · References: 3

Hacker One
added 2022/09/23 1:7 p.m. · views: 14

Stripo Inc: Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo

A previously disclosed vulnerability regarding API key disclosure in Stripo was reported as resolved...

AI score: 7
Exploits: 0

OSV
added 2022/09/22 12:0 a.m. · views: 21

GHSA-J7XV-FC46-HGPG Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionall...

CVSS: 3.3 · AI score: 4.8 · EPSS: 0.00292
Exploits: 0 · References: 3

Github Security Blog
added 2022/09/22 12:0 a.m. · views: 27

Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionall...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00292
Exploits: 0 · References: 3 · Affected Software: 1

Github Security Blog
added 2022/09/22 12:0 a.m. · views: 26

Jenkins BigPanda Notifier Plugin Missing Password Field Masking

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionall...

CVSS: 5.3 · AI score: 6.3 · EPSS: 0.00146
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/09/22 12:0 a.m. · views: 20

GHSA-CPM5-CQR9-7P79 Jenkins BigPanda Notifier Plugin Missing Password Field Masking

BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionall...

CVSS: 3.3 · AI score: 5.5 · EPSS: 0.00146
Exploits: 0 · References: 4

NVD
added 2022/09/21 4:15 p.m. · views: 9

CVE-2022-41248

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS: 5.3 · EPSS: 0.00146
Exploits: 0 · References: 2

NVD
added 2022/09/21 4:15 p.m. · views: 11

CVE-2022-41247

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVSS: 4.3 · EPSS: 0.00292
Exploits: 0 · References: 1

OSV
added 2022/09/21 4:15 p.m. · views: 1

CVE-2022-41247

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVSS: 4.3 · AI score: 5.8 · EPSS: 0.00292
Exploits: 0 · References: 1

Prion
added 2022/09/21 4:15 p.m. · views: 15

Design/Logic Flaw

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVSS: 4 · AI score: 4.5 · EPSS: 0.00292
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2022/09/21 4:15 p.m. · views: 13

Design/Logic Flaw

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS: 5 · AI score: 5.2 · EPSS: 0.00146
Exploits: 0 · References: 2 · Affected Software: 1