1270 matches found
Improper Authentication
Description There are two permissions not working correctly: The Licenses - View and Modify License Files & the Self - Create API Keys permission. License Files Files can be uploaded to licenses. There is a permission for users called View and Modify License Files. However, this permission is...
多款ZOHO ManageEngine产品安全漏洞
ZOHO ManageEngine OpManager etc. are products of ZOHO India.ZOHO ManageEngine OpManager is a comprehensive network monitoring software.ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager Plus is an IT operations...
Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys
Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secre...
Design/Logic Flaw
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm...
CVE-2016-4426
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm...
CVE-2016-4426
CVE-2016-4426 affects Zulip prior to 1.3.12, where bot API keys were accessible to other users in the same realm. Remediation: upgrade to Zulip 1.3.12 or later. NVD lists CVSS v3.1 base score 4.3 (Medium). No exploitation details are provided in the available documents.
PT-2022-7863 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions prior to 1.3.12 Description: The issue allows bot API keys to be accessible to other users within the same realm. Recommendations: For versions prior to 1.3.12, update to version 1.3.12 or later to resolve the issue...
Planet Labs: Api data leak
A security vulnerability was identified where sensitive API keys were exposed through archived data accessible via the Wayback Machine. Some of these API keys were found to be valid...
U.S. Dept Of Defense: IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
Hi Dod & Hackerone Team i hope you are Doing Well Today : Explaining: i found That a User With a Member Permission in a Organization Can Create & View & DELETE APIKEYS Step To Reproduce: 1 First Create 2 Accounts From Here https://███ 2 Log in With The Victim User and Create New Group From Here...
Jenkins OpsGenie Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...
GHSA-7R65-PJGV-H2H9 Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...
Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...
Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...
GHSA-273C-FJW8-V2W8 Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...
CVE-2022-23725
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances...
CVE-2022-23725
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances...
CVE-2022-23725
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances...
Code injection
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances...
CVE-2022-23725 PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances...
CVE-2022-34804
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure...