CVE-2019-17375
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated SEC-517...
Code injection
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated SEC-517...
CVE-2019-17375
CVE-2019-17375 affects cPanel prior to 82.0.15. The vulnerability allows API token credentials to persist after an account is renamed or terminated (SEC-517). The impact is that lingering credentials may still grant access after the account change; the CVSS v3.1 base score is 8.8 (High) and the CVSS v2 ...
GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How it Works During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users...
Session Fixation
Jenkins is vulnerable to session fixation. The vulnerability exists because Jenkins does not invalidate the API token when a user is deleted...
CVE-2019-1003045
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration...
Design/Logic Flaw
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration...
CVE-2019-1003045
Affects Jenkins ECS Publisher Plugin ≤ v1.0.0. The vulnerability allows attackers with Item/Extended Read permission or local access to the Jenkins home directory to read the API token stored in the plugin’s configuration, potentially exposing credentials. The issue is described across multiple s...
PT-2019-11335 · Jenkins · Jenkins Ecs Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins ECS Publisher Plugin versions 1.0.0 and earlier Description: A vulnerability in the plugin allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configur...
CVE-2018-15539
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc...
gitea -- multiple vulnerabilities
Gitea project reports: CSRF Vulnerability on API. Enforce token on api routes...
h1-5411-CTF: MemeCTF serial exploitation to local file read to Papertrail access via API-token leakage and more
Hi there dear CTF staff! First of all a huge thank you for the great challenge you put up! I've found it super exciting and the learning curve has been steep. For this case, I was first wondering if this is a part of the actual CTF, but after some inspecting, it surely doesn't seem so! I did even...
Burpa - A Burp Suite Automation Tool
A Burp Suite Automation Tool With Slack Integration. Requirements: burp-rest-api, Burp Suite Professional, slackclient. Usage: $ python burpa.py -h (prints the banner) burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...
Reverb.com: API token exposed in Reverb.com's public GitHub repository
An access token of a user account was available in a public GitHub repo. The token was tied to an experimental project, and the account was only used for that project, so no sensitive information was able to be obtained...
HackerOne: Invalid Phabricator API token revealed through error message when escalating a report
Summary: While trying to create a Phabricator task by escalating to Phabricator, the error message contains the API token as part of the pop-up. This is seen when a user tries to enter an invalid API token. Description: It was seen that after setting up Phabricator integration in a program, when tryi...
Code injection
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...
CVE-2017-1555
CVE-2017-1555 affects IBM API Connect 5.0.0.0 through 5.0.7.2, where an authenticated user could generate an API token without being subscribed to the application plan. The NVD entry records CVSS v3.0 base score 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). IBM’s security bulletin confirms the vulne...
CVE-2017-1555
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...