16 matches found
BIT-DISCOURSE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0...
EUVD-2026-36583
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...
BIT-AIRFLOW-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...
CVE-2025-12773
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2025-12679
CVE-2025-12679 affects Brocade SANnav prior to 2.4.0b and 3.0.0, where during migration the Password-Based Encryption (PBE) key is logged in plaintext to the system audit logs. An attacker with local access to these logs (audit logs on the host server, visible only to privileged users) could retr...
Plain password is logged in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a (CVE-2025-12773)
A vulnerability in “update-reports-purge-settings.sh” script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the audit log. An attacker can obtain the IP address of a project member admin who invites another user by viewing the audit log after being invited. Remediation...
Linux Distros Unpatched Vulnerability : CVE-2025-1296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This...
UBUNTU-CVE-2025-1296
Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk that stems from the insertion of sensitive information into log files, which could result in SNMP and IMPI secrets for host and folder attributes being written to administrator-accessible audit log...
PT-2024-28468 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue allows a high-privileged attacker with access to the audit logs to read message contents due to the failure to sanitize the RemoteClusterFrame payloads...
PYSEC-2024-42
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by...
Dependency-Track 安全漏洞
Dependency-Track is an intelligent supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.6.0, which stems from the fact that executing an API request with a valid API key with insufficient...
Elastic Cloud Enterprise 3.4.0 Security Update
Elastic Cloud Enterprise Sensitive information disclosure issue ESA-2022-10 A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in th...