7 matches found
CVE-2023-46255
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...
CVE-2023-46255
creationtimestamp| type| source ---|---|--- 2023-10-31 19:22:14+00:00| seen| https://t.me/cibsecurity/73251...
CVE-2023-46255 vulnerabilities
Vulnerabilities for packages: spicedb...
CVE-2023-46255 vulnerabilities
Vulnerabilities for packages: spicedb...
CVE-2023-46255
SpiceDB (open source, Google Zanzibar-inspired permissions store) has a log exposure flaw: if the datastore URI is malformed (for example, a password containing a colon), the full URI including the password is printed to logs. This is addressed in version 1.27.0-rc1. Upgrade to 1.27.0-rc1 or late...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed e.g. by having a password which contains : the full URI including the provided password is...