Lucene search
K

214 matches found

Debian CVE
Debian CVE
added 2024/02/01 2:21 p.m.25 views

CVE-2024-1141

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

5.5CVSS5.4AI score0.00226EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/01 2:21 p.m.42 views

CVE-2024-1141 Glance-store: glance store access key logged in debug log level

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

5.5CVSS5.7AI score0.00226EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/01 2:21 p.m.11 views

CVE-2024-1141 Glance-store: glance store access key logged in debug log level

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

5.5CVSS6.7AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.3 views

PT-2024-16967

Name of the Vulnerable Software and Affected Versions python-glance-store affected versions not specified Description A vulnerability was found in python-glance-store. The issue occurs when the package logs the access key for the glance-store when the DEBUG log level is enabled. Recommendations A...

5.5CVSS6.1AI score0.00226EPSS
Exploits0References24
NVD
NVD
added 2024/01/31 10:15 p.m.22 views

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8CVSS8.5AI score0.34086EPSS
Exploits4References3
Prion
Prion
added 2024/01/31 10:15 p.m.25 views

Code injection

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

6.5CVSS6.9AI score0.34086EPSS
Exploits4References3Affected Software1
OSV
OSV
added 2024/01/31 10:10 p.m.26 views

CVE-2024-24747 MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8CVSS8.3AI score0.34086EPSS
Exploits4References5
CVE
CVE
added 2024/01/31 10:10 p.m.169 views

CVE-2024-24747

CVE-2024-24747 (MinIO) : MinIO allows new access keys to inherit the parent’s permissions, including admin:*, enabling potential privilege escalation by overriding their own s3 permissions. The issue is mitigated in the release RELEASE.2024-01-31T20-20-33Z. Connected docs also describe related ad...

8.8CVSS8.2AI score0.34086EPSS
Exploits4References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/31 10:10 p.m.32 views

CVE-2024-24747 MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8CVSS6.5AI score0.34086EPSS
Exploits4References3
CVE
CVE
added 2024/01/03 4:20 p.m.54 views

CVE-2023-46740

Summary: CVE-2023-46740 affects CubeFS before v3.3.1, where an insecure random string generator used for user accessKeys could be predicted, enabling an attacker to impersonate users and obtain higher privileges. The root cause is the use of a weak RNG for sensitive per-user keys during user crea...

9.8CVSS9.1AI score0.00439EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/26 8:15 a.m.21 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.5CVSS6.3AI score
Exploits0References2
NVD
NVD
added 2023/12/26 8:15 a.m.23 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.5CVSS0.00317EPSS
Exploits0References2
Prion
Prion
added 2023/12/26 8:15 a.m.19 views

Code injection

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

4CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/26 7:21 a.m.24 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.4AI score0.00317EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/10/12 4:37 p.m.4 views

rgw: improperly verified POST keys

A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket...

9.8CVSS5.8AI score0.02539EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/09/22 6:15 a.m.3 views

CVE-2023-43784

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.6 views

Plesk Onyx Security Vulnerability

Plesk Onyx is a hosting control panel from Plesk Switzerland. A security vulnerability exists in Plesk Onyx version 17.8.11 that stems from a security issue with the accessKeyId and SecretAccessKey fields associated with the Amazon AWS Firehose component...

7.5CVSS6.7AI score0.00473EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.10 views

PT-2023-28982 · Plesk +1 · Plesk Onyx +1

Name of the Vulnerable Software and Affected Versions: Plesk Onyx version 17.8.11 Description: The issue is related to the presence of accessKeyId and secretAccessKey fields in the Amazon AWS Firehose component. However, the vendor's position is that there is no security threat. Recommendations:...

7.5CVSS7AI score0.00473EPSS
Exploits0References6
wpexploit
wpexploit
added 2023/09/19 12:0 a.m.196 views

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...

4.8CVSS5AI score0.00402EPSS
Exploits2
CVE
CVE
added 2023/04/19 5:18 p.m.66 views

CVE-2023-30610

The CVE affects aws-sigv4 in the AWS SDK for Rust: the SigningParams Debug output can expose a user’s AWS access key, secret key, and session token when TRACE-level logging is enabled, allowing credentials to appear in logs. Affected users should upgrade to fixed releases; patches are listed acro...

5.5CVSS5.4AI score0.00216EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder