1270 matches found
Default credentials
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
CVE-2023-50719
XWiki Platform’s Solr-based search discloses password hashes (and potentially API keys stored as passwords) of all users to anyone with view rights on the user profile. Affected versions are 7.2-milestone-2 through prior to 14.10.15, 15.5.2, and 15.7-rc-1. By default, user profiles are public, en...
CVE-2023-6793
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
Privilege escalation
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage...
CVE-2023-46675
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
CVE-2023-46671
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
Code injection
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
CVE-2023-46671 Kibana Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
CVE-2023-46671
CVE-2023-46671 affects Elastic Kibana
Palo Alto Networks PAN-OS Security Vulnerability
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS that stems from the presence of a mismanagement of privileges vulnerability. An attacker could exploit the vulnerability to revoke XML API ke...
Elastic Kibana Log Information Disclosure Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 7.13.0 through 7.17.16 and 8.0...
PT-2023-8930 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...
Sensitive Information Leak
kibana is vulnerable to Sensitive Information Leak. The vulnerability is due to sensitive information being recorded to logs in case of an error. The log can contain account credentials for the kibana_system user, API Keys and credentials of kibana end users...
SUSE CVE-2023-46671
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
Tell Me Your Secrets Without Telling Me Your Secrets
The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets passwords, API keys, priva...
CVE-2023-46671
A flaw was found in Kibana, where exposure of sensitive information in log files may occur. In some uncommon conditions, if error messages are returned, the log may contain account credentials for the kibana_system user, API Keys, and credentials of Kibana end-users...
CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...
Design/Logic Flaw
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...