214 matches found
CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...
CVE-2024-1141 Glance-store: glance store access key logged in debug log level
A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...
CVE-2024-1141 Glance-store: glance store access key logged in debug log level
A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...
PT-2024-16967
Name of the Vulnerable Software and Affected Versions python-glance-store affected versions not specified Description A vulnerability was found in python-glance-store. The issue occurs when the package logs the access key for the glance-store when the DEBUG log level is enabled. Recommendations A...
CVE-2024-24747
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...
Code injection
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...
CVE-2024-24747 MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...
CVE-2024-24747
CVE-2024-24747 (MinIO) : MinIO allows new access keys to inherit the parent’s permissions, including admin:*, enabling potential privilege escalation by overriding their own s3 permissions. The issue is mitigated in the release RELEASE.2024-01-31T20-20-33Z. Connected docs also describe related ad...
CVE-2024-24747 MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...
CVE-2023-46740
Summary: CVE-2023-46740 affects CubeFS before v3.3.1, where an insecure random string generator used for user accessKeys could be predicted, enabling an attacker to impersonate users and obtain higher privileges. The root cause is the use of a weak RNG for sensitive per-user keys during user crea...
CVE-2023-50294
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
CVE-2023-50294
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
Code injection
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
CVE-2023-50294
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
rgw: improperly verified POST keys
A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket...
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...
Plesk Onyx Security Vulnerability
Plesk Onyx is a hosting control panel from Plesk Switzerland. A security vulnerability exists in Plesk Onyx version 17.8.11 that stems from a security issue with the accessKeyId and SecretAccessKey fields associated with the Amazon AWS Firehose component...
PT-2023-28982 · Plesk +1 · Plesk Onyx +1
Name of the Vulnerable Software and Affected Versions: Plesk Onyx version 17.8.11 Description: The issue is related to the presence of accessKeyId and secretAccessKey fields in the Amazon AWS Firehose component. However, the vendor's position is that there is no security threat. Recommendations:...
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
Description The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users. As an admin, open the File Manager and run the following JS code: fetch"http://localhost:10008/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencode...
CVE-2023-30610
The CVE affects aws-sigv4 in the AWS SDK for Rust: the SigningParams Debug output can expose a user’s AWS access key, secret key, and session token when TRACE-level logging is enabled, allowing credentials to appear in logs. Affected users should upgrade to fixed releases; patches are listed acro...