243 matches found
CVE-2025-50200
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...
DEBIAN-CVE-2025-50200
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...
UBUNTU-CVE-2025-50200
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...
CVE-2025-50200 RabbitMQ Node can log Basic Auth header from an HTTP request
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which...
PT-2025-26223
Name of the Vulnerable Software and Affected Versions RabbitMQ versions 3.13.7 and prior Description The issue concerns RabbitMQ logging authorization headers in plaintext, encoded in base64, when queried with HTTP/s and basic authentication. This results in logs containing all request headers,...
RabbitMQ 日志信息泄露漏洞
RabbitMQ is a feature-rich multi-protocol messaging and streaming agent open-sourced by RabbitMQ. A log information disclosure vulnerability exists in RabbitMQ 3.13.7 and earlier versions, which stems from plaintext logging of base64-encoded authorization headers in the log...
AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
Important: runfinch-finch
Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose Authorization header consist...
Moodle < 4.1.12 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - A LFI vulnerability when restoring malformed block backups....
Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to improper removal of sensitive information before storage or transfer in the console (CVE-2022-1650)
Summary EventSource is used by IBM Storage Fusion Data Foundation in the console as part of data metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1650. Vulnerability Details CVEID:CVE-2022-1650 DESCRIPTION: EventSourc...
AZL-59227 CVE-2025-30204 affecting package etcd for versions less than 3.5.21-1
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
Regular Expression Denial Of Service (ReDoS)
@octokit/request-error is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...
SUSE CVE-2023-45725
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output, insert t...
CVE-2025-21620 Deno's authorization headers not dropped when redirecting cross-origin
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2024-2291)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2024-38275
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...
RHEL 6 : python-requests (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 - Reques...
CVE-2024-30260
A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header. Mitigation Mitigation for this issue is either not...
AZL-39803 CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...