Generative-AI apps & ChatGPT: Potential risks and mitigation strategies
Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid-size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace, and this number is only expected to grow. Contin...
Rancher UI has multiple Cross-Site Scripting (XSS) issues
Impact Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in the Rancher UI. Cross-site scripting allows a malicious user to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform oth...
GHSA-46V3-GGJG-QQ3X Rancher UI has multiple Cross-Site Scripting (XSS) issues
Impact Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in the Rancher UI. Cross-site scripting allows a malicious user to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform oth...
CVE-2023-34094
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can...
Design/Logic Flaw
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can...
CVE-2023-34094
Summary: CVE-2023-34094 affects the ChuanhuChatGPT GUI for ChatGPT and related LLMs. A vulnerability in versions 20230526 and earlier allows an unauthenticated attacker to read the private config.json file, enabling theft of API keys stored there. The issue arises when authentication is not confi...
CVE-2023-34094 ChuanhuChatGPT vulnerable to unauthorized configuration file access
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can...
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the job configuration form does not mask API keys, which allows an attacker to observe and capture the key information...
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the server API keys are stored unencrypted in job config.xml, which allows an attacker with read access to the controller file system to...
Exploit for OS Command Injection in Eparks Fiberlink_210_Firmware
CVE-2023-33617 Authenticated OS command injection vulnerabili...
ginuerzh/gost vulnerable to Timing Attack
Timing attacks occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, tokens and API keys should be compared only using a constant-time comparison function. More information on this attack type can ...
GHSA-GPC2-F62M-C6H6 Jenkins Code Dx Plugin stores API keys in plain text
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...
Jenkins Code Dx Plugin stores API keys in plain text
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...
Jenkins Code Dx Plugin displays API keys in plain text
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...
GHSA-352V-HHMH-2W8H Jenkins Code Dx Plugin displays API keys in plain text
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...
CVE-2023-2633
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...
Design/Logic Flaw
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...