CVE-2022-46146
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...
CVE-2022-46146
CVE-2022-46146 affects Prometheus Exporter Toolkit prior to 0.7.2 and 0.8.2; attackers with access to the Prometheus web.yml and hashed passwords can poison the built-in authentication cache. A fix exists in 0.7.2 and 0.8.2. Attacker needs access to the hashed password to exploit. Upgrade to 0.7....
CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...
GHSA-742J-JCFR-23W3 Insufficient Session Expiration in Jenkins
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based...
DEBIAN-CVE-2020-12755
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password...
RHEL 6 : spacewalk-backend and spacewalk-proxy (RHSA-2019:1663)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1663 advisory. Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fixes:...
spacewalk-proxy: Path traversal in proxy authentication cache
A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process...
polkit: Temporary auth hijacking via PID reuse and non-atomic fork
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges...
IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities: - An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...
IBM WebSphere Application Server 7.0 < Fix Pack 25 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 25 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities: - Several errors exist related to SSL/TLS that can allow an attacker to carry out denial of service attacks against the...
IBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 45 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities: - An error exists related to 'Application Snoop Servlet' and missing access controls. This error can allow sensitive information...
CVE-2012-3306
Summary (CVE-2012-3306 family in IBM WebSphere Application Server): Multiple IBM WebSphere bulletins and NASL/OSS feeds reference CVEs affecting WebSphere Application Server components across versions 6.1, 7.0, 8.x (notably 8.5.x) and IBM HTTP Server, with the core issues including: CVE-2012-330...
dovecot LDAP+auth cache user login mixup
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password...
DEBIAN-CVE-2007-6598
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password...