Lucene search
K

304 matches found

Prion
Prion
added 2024/03/13 9:16 p.m.29 views

Design/Logic Flaw

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

4CVSS6.7AI score0.0064EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 8:19 p.m.10 views

CVE-2024-28193 Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

6.5CVSS6.2AI score0.0064EPSS
Exploits1References3
NVD
NVD
added 2023/12/18 8:15 p.m.26 views

CVE-2023-6289

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...

4.3CVSS0.00916EPSS
Exploits3References1
Prion
Prion
added 2023/12/18 8:15 p.m.27 views

Information disclosure

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...

4CVSS6.6AI score0.00916EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2023/12/18 8:8 p.m.66 views

CVE-2023-6289

CVE-2023-6289 affects the WordPress plugin Swift Performance Lite up to version 2.3.6.14. Root cause: missing authorization check on an admin-ajax exported function (luv-action export) via admin_init, allowing unauthenticated retrieval of plugin settings that may include Cloudflare API tokens. Im...

4.3CVSS4.8AI score0.00916EPSS
Exploits3References1Affected Software1
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.8 views

WordPress Plugin Swift Performance Lite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.4AI score0.00916EPSS
Exploits3References3
OSV
OSV
added 2023/08/07 6:27 p.m.27 views

CVE-2023-39349 Sentry vulnerable to privilege escalation via ApiTokensEndpoint

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

8.1CVSS7.9AI score0.00849EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/02/20 12:0 a.m.5 views

PT-2023-15694 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0p1 through 2.0.0p28 Checkmk versions 2.1.0p1 through 2.1.0p10 Description: The issue arises from the insecure termination of expired sessions in the RestAPI, allowing an attacker to utilize expired session tokens for...

9.8CVSS7.2AI score0.00456EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2023/01/05 9:12 a.m.28 views

CircleCI Urges Customers to Rotate Secrets Following Security Incident

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected t...

1AI score
Exploits0
Hacker One
Hacker One
added 2022/12/20 3:14 p.m.17 views

Cloudflare Public Bug Bounty: Bypassing creation of API tokens without email verification

API tokens could be created without email verification on Cloudflare. If an email-verified account changed their email address without verifying the new email, previously created API tokens remained valid. This vulnerability was addressed by requiring verification before completing the email chan...

7AI score
Exploits0
Hacker One
Hacker One
added 2022/11/17 11:40 a.m.325 views

ZeroBounce: API tokens and Emails leaked lead to sensitive information Disclosure

Summary: "Salam alikoum " Hi team i hope you are well t is a pleasure to work in your program. I will begin to present the vulnerability that I found it: Information Disclosure via ?email parameter and ?apikey Steps To Reproduce: 1. waybackurls zerobounce.net | grep gmail Response :...

6.8AI score
Exploits0
Huntr
Huntr
added 2022/11/10 10:32 a.m.15 views

HTML injection possible via LLDP

Description An unmanaged/foreign neighbouring device that is advertising its presence with LLDP can inject malicious HTML code into LibreNMS by setting its System Name TLV to whatever snippet is to be injected. This is assuming that a device that is managed by LibreNMS has LLDP and the...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/08 9:34 a.m.6 views

grafana: Forward OAuth Identity Token can allow users to access some data sources

An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token and no other user credentials will forward the OAuth Identity of the most recently logged-in user. This flaw allows API tok...

4.3CVSS7.1AI score0.02013EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/09/09 12:0 a.m.8 views

The vulnerability of Kubernets Rancher cluster management software lies in the storage of passwords in an unencrypted form, allowing attackers to gain access to user credentials, passwords, and API tokens.

The vulnerability of Kubernets Rancher cluster management software is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow a remote attacker to gain access to credentials, passwords, and API tokens...

10CVSS7.8AI score0.00671EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2022/09/08 3:45 a.m.52 views

Information Disclosure

github.com/rancher/rancher is vulnerable to information disclosure. The vulnerability exists because of the lack of sanitization in credentials in cluster template answers of clusterstore.go, leading to plaintext storage and exposure of credentials, passwords and API tokens...

9.9CVSS8.6AI score0.00671EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2022/09/07 9:15 a.m.23 views

Design/Logic Flaw

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

6.5CVSS9AI score0.00671EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/07 8:20 a.m.25 views

CVE-2021-36783 Rancher: Failure to properly sanitize credentials in cluster template answers

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

9.9CVSS9.4AI score0.00671EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 4:56 p.m.27 views

GHSA-3P8R-P4Q5-MC44 Violation Comments to GitLab Plugin has Insufficiently Protected Credentials

Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...

4.3CVSS6.3AI score0.01068EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:56 p.m.19 views

Violation Comments to GitLab Plugin has Insufficiently Protected Credentials

Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...

6.5CVSS2.8AI score0.01068EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 3:53 a.m.1 views

GHSA-VXC6-WVH8-FPXW Jenkins does not invalidate the API token when a user is deleted

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token...

6.5CVSS5.9AI score0.01748EPSS
Exploits0References5
Rows per page
Query Builder