Lucene search
+L

243 matches found

AlpineLinux
AlpineLinux
added 2025/06/19 5:15 p.m.10 views

CVE-2025-50200

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

6.7CVSS7.3AI score0.00194EPSS
Exploits1References1
OSV
OSV
added 2025/06/19 5:15 p.m.2 views

DEBIAN-CVE-2025-50200

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

5.5CVSS5.3AI score0.00194EPSS
Exploits1References1
OSV
OSV
added 2025/06/19 5:15 p.m.5 views

UBUNTU-CVE-2025-50200

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

6.7CVSS5.7AI score0.00194EPSS
Exploits1References4
OSV
OSV
added 2025/06/19 4:14 p.m.7 views

CVE-2025-50200 RabbitMQ Node can log Basic Auth header from an HTTP request

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...

6.7CVSS6.6AI score0.00194EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.10 views

PT-2025-26223

Name of the Vulnerable Software and Affected Versions RabbitMQ versions 3.13.7 and prior Description The issue concerns RabbitMQ logging authorization headers in plaintext, encoded in base64, when queried with HTTP/s and basic authentication. This results in logs containing all request headers,...

6.7CVSS6.9AI score0.00194EPSS
Exploits1References16
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.4 views

RabbitMQ 日志信息泄露漏洞

RabbitMQ is a feature-rich multi-protocol messaging and streaming agent open-sourced by RabbitMQ. A log information disclosure vulnerability exists in RabbitMQ 3.13.7 and earlier versions, which stems from plaintext logging of base64-encoded authorization headers in the log...

6.7CVSS5.9AI score0.00194EPSS
Exploits1References2
OSV
OSV
added 2025/06/11 5:15 p.m.6 views

AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS6.7AI score0.0058EPSS
Exploits0References1
Amazon
Amazon
added 2025/04/29 12:0 a.m.5 views

Important: runfinch-finch

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose Authorization header consist...

7.5CVSS7.8AI score0.00693EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.4 views

Moodle < 4.1.12 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - A LFI vulnerability when restoring malformed block backups....

8.1CVSS7.2AI score0.00646EPSS
Exploits0References39
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.7 views

Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

8.8CVSS6.4AI score0.00455EPSS
Exploits0References15
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/04 9:15 p.m.22 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to improper removal of sensitive information before storage or transfer in the console (CVE-2022-1650)

Summary EventSource is used by IBM Storage Fusion Data Foundation in the console as part of data metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1650. Vulnerability Details CVEID:CVE-2022-1650 DESCRIPTION: EventSourc...

9.3CVSS6AI score0.01799EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/03/21 10:15 p.m.13 views

AZL-59227 CVE-2025-30204 affecting package etcd for versions less than 3.5.21-1

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
Veracode
Veracode
added 2025/02/18 5:48 a.m.10 views

Regular Expression Denial Of Service (ReDoS)

@octokit/request-error is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...

5.3CVSS5.1AI score0.00605EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/02/14 6:11 a.m.3 views

SUSE CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output, insert t...

5.7CVSS5.5AI score0.01232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/06 10:26 p.m.5 views

CVE-2025-21620 Deno's authorization headers not dropped when redirecting cross-origin

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...

7.5CVSS6.7AI score0.00504EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/22 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2024-2291)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.4AI score0.02974EPSS
Exploits1References2
OSV
OSV
added 2024/06/18 8:15 p.m.35 views

UBUNTU-CVE-2024-38275

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.14 views

RHEL 6 : python-requests (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 - Reques...

7.5AI score0.07443EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2024/04/04 8:21 p.m.25 views

CVE-2024-30260

A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header. Mitigation Mitigation for this issue is either not...

3.9CVSS4AI score0.00734EPSS
Exploits0References3
OSV
OSV
added 2024/04/04 4:15 p.m.8 views

AZL-39803 CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

4.3CVSS6.6AI score0.00734EPSS
Exploits0References1
Rows per page
Query Builder