Lucene search
K

59 matches found

Github Security Blog
Github Security Blog
added 2025/07/09 6:30 p.m.8 views

Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These credentials can be viewed by users with Item/Extended Read permission or acce...

4.3CVSS6.2AI score0.00226EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/07/09 4:49 p.m.5 views

Insufficiently Protected Credentials

Overview org.jenkins-ci.plugins:soapui-pro-functional-testing is a plugin used to run SoapUI Pro tests from Jenkins builds. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where SLM License Access Keys, client secrets, and...

6.8CVSS6.8AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53656

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 2025/07/09 3:39 p.m.24 views

CVE-2025-53657

CVE-2025-53657 affects Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier. The issue is that SLM License Access Keys, client secrets, and passwords displayed on the job configuration form are not masked, enabling potential exposure to users with access to the Jenkins UI/file system. Impa...

4.3CVSS6.5AI score0.00226EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.12 views

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

8.2CVSS6.5AI score0.00491EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:36 a.m.26 views

CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.7AI score0.00411EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/11 4:3 p.m.18 views

CVE-2025-32016

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS6.5AI score0.0009EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/09 6:58 p.m.6 views

Insertion of Sensitive Information into Log File

Overview Microsoft.Identity.Abstractions is a package containing interfaces and POCO classes used in the Microsoft .NET authentication libraries Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web. Affected versions of this package are vulnerable to Insertion of Sensitive Information int...

5.7CVSS6.5AI score0.0009EPSS
Exploits0References2
CVE
CVE
added 2025/04/09 3:48 p.m.73 views

CVE-2025-32016

This CVE affects Microsoft Identity Web (and related Microsoft.Identity.Abstractions) used with ASP.NET Core for Azure AD v2.0 / AAD B2C integrations. Under certain conditions, service logs can expose sensitive credentials, including local file paths with passwords, Base64-encoded values, and Cli...

4.7CVSS4.7AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 2025/04/09 3:48 p.m.8 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS6.5AI score0.0009EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/09 3:48 p.m.8 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

4.7CVSS6.5AI score0.0009EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 5:15 p.m.38 views

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

8.2CVSS0.00491EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/15 4:43 p.m.46 views

CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

2.7CVSS0.00491EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 4:43 p.m.21 views

CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

2.7CVSS6.4AI score0.00491EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/15 4:43 p.m.25 views

CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

2.7CVSS6.8AI score0.00491EPSS
Exploits0References3
CVE
CVE
added 2024/11/15 4:43 p.m.78 views

CVE-2024-52519

CVE-2024-52519 affects Nextcloud Server and Nextcloud Enterprise Server. The issue is that OAuth2 client secrets were stored in a recoverable form, enabling an attacker with access to a database backup and the Nextcloud config file to decrypt them. Public documentation in the provided sources rec...

8.2CVSS3.3AI score0.00491EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
added 2024/11/15 1:9 p.m.51 views

OAuth2 client secrets were stored in a recoverable way

None...

8.2CVSS5.2AI score0.00491EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the fact that OAuth2 client secrets are stored in a recoverable manner so that an attacker...

8.2CVSS6.4AI score0.00491EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/23 12:0 a.m.7 views

pgAdmin 安全漏洞

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.11 and prior versions, which stems from a vulnerability that allows an attacker to obtain client IDs and secrets, resulting in unauthoriz...

9.9CVSS6AI score0.09685EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/09/02 12:0 a.m.6 views

PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7 Description: The issue is related to the insecure storage of confidential informatio...

8.2CVSS6.8AI score0.00491EPSS
Exploits0References11
Rows per page
Query Builder