Github Security Blog
added 2025/07/21 7:19 p.m., 12 views

RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs

Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

AI score: 6.8
Exploits: 0 · References: 3 · Affected Software: 1
Github Security Blog
added 2025/07/21 7:12 p.m., 2 views

buildalon/setup-steamcmd leaked authentication token in job output logs

Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

AI score: 6.8
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/07/21 7:12 p.m., 3 views

GHSA-MJ96-MH85-R574 buildalon/setup-steamcmd leaked authentication token in job output logs

Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

CVSS: 8.7 · AI score: 6.8
Exploits: 0 · References: 3
Positive Technologies
added 2025/07/21 12:00 a.m., 4 views

PT-2025-30356 · Undefined · Undefined

🔴 Steam, Authentication Token Leak, CVE-2021-30405 Critical https://t.co/HJCAq0A62N...

AI score: 7
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/21 12:00 a.m., 2 views

PT-2025-31594 · Github Actions · Buildalon/Setup-Steamcmd

Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

CVSS: 8.7 · AI score: 6.9
Exploits: 0 · References: 4
Positive Technologies
added 2025/07/21 12:00 a.m., 13 views

PT-2025-31593 · Github Actions · Rageagainstthepixel/Setup-Steamcmd

Summary Log output includes authentication token that provides full account access Details The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

CVSS: 8.7 · AI score: 6.9
Exploits: 0 · References: 4
NVD
added 2025/07/09 4:15 p.m., 6 views

CVE-2025-53665

Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS: 4.3 · EPSS: 0.00263
Exploits: 0 · References: 2
CNNVD
added 2025/07/09 12:00 a.m., 2 views

Jenkins plugin Apica Loadtest security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS: 4.3 · AI score: 6.3 · EPSS: 0.00263
Exploits: 0 · References: 2
CVE
added 2025/07/01 2:49 p.m., 27 views

CVE-2025-34062

The CVE affects OneLogin AD Connector before 6.1.5. A vulnerability exists in the /api/adc/v4/configuration endpoint where a valid directory_token (potentially obtainable from host registry keys or insecure logs) can yield a plaintext response that exposes sensitive credentials, including API key...

CVSS: 5.7 · AI score: 5.9 · EPSS: 0.00134
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 9:37 a.m., 13 views

CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL...

CVSS: 6.1 · AI score: 7.1 · EPSS: 0.00315
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 7:47 a.m., 5 views

CVE-2024-46040

IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after t...

CVSS: 6.5 · AI score: 7.1 · EPSS: 0.00273
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 4:25 a.m., 8 views

CVE-2023-4939

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...

CVSS: 5.3 · AI score: 7.2 · EPSS: 0.00513
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:16 a.m., 5 views

CVE-2023-22951

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...

CVSS: 8.8 · AI score: 7.1 · EPSS: 0.00827
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 1:54 a.m., 11 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.00971
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 10:40 p.m., 9 views

CVE-2022-28162

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text...

CVSS: 3.3 · AI score: 7 · EPSS: 0.0015
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 10:28 p.m., 15 views

CVE-2022-23724

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...

CVSS: 8.1 · AI score: 7.1 · EPSS: 0.00416
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:18 p.m., 9 views

CVE-2021-32745

Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabo...

CVSS: 7.3 · AI score: 5.9 · EPSS: 0.00603
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:56 p.m., 9 views

CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.01449
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:51 p.m., 6 views

CVE-2021-43532

The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00528
Exploits: 0
RedhatCVE
added 2025/05/22 4:56 p.m., 4 views

CVE-2020-18701

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...

CVSS: 9.8 · AI score: 7 · EPSS: 0.02277
Exploits: 1