593 matches found
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
buildalon/setup-steamcmd leaked authentication token in job output logs
Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
GHSA-MJ96-MH85-R574 buildalon/setup-steamcmd leaked authentication token in job output logs
Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
PT-2025-30356 · Undefined · Undefined
🔴 Steam, Authentication Token Leak, CVE-2021-30405 Critical https://t.co/HJCAq0A62N...
PT-2025-31594 · Github Actions · Buildalon/Setup-Steamcmd
Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
PT-2025-31593 · Github Actions · Rageagainstthepixel/Setup-Steamcmd
Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...
CVE-2025-53665
Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Jenkins plugin Apica Loadtest 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
CVE-2025-34062
The CVE affects OneLogin AD Connector before 6.1.5. A vulnerability exists in the /api/adc/v4/configuration endpoint where a valid directory_token (potentially obtainable from host registry keys or insecure logs) can yield a plaintext response that exposes sensitive credentials, including API key...
CVE-2024-24941
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL...
CVE-2024-46040
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after t...
CVE-2023-4939
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
CVE-2023-24030
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...
CVE-2022-28162
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text...
CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...
CVE-2021-32745
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabo...
CVE-2021-36166
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties...
CVE-2021-43532
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...