59 matches found
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These credentials can be viewed by users with Item/Extended Read permission or acce...
Insufficiently Protected Credentials
Overview org.jenkins-ci.plugins:soapui-pro-functional-testing is a plugin used to run SoapUI Pro tests from Jenkins builds. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where SLM License Access Keys, client secrets, and...
CVE-2025-53656
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
CVE-2025-53657
CVE-2025-53657 affects Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier. The issue is that SLM License Access Keys, client secrets, and passwords displayed on the job configuration form are not masked, enabling potential exposure to users with access to the Jenkins UI/file system. Impa...
CVE-2024-52519
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2025-32016
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
Insertion of Sensitive Information into Log File
Overview Microsoft.Identity.Abstractions is a package containing interfaces and POCO classes used in the Microsoft .NET authentication libraries Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web. Affected versions of this package are vulnerable to Insertion of Sensitive Information int...
CVE-2025-32016
This CVE affects Microsoft Identity Web (and related Microsoft.Identity.Abstractions) used with ASP.NET Core for Azure AD v2.0 / AAD B2C integrations. Under certain conditions, service logs can expose sensitive credentials, including local file paths with passwords, Base64-encoded values, and Cli...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
CVE-2024-52519
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-52519 Nextcloud Server's OAuth2 client secrets were stored in a recoverable way
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-52519
CVE-2024-52519 affects Nextcloud Server and Nextcloud Enterprise Server. The issue is that OAuth2 client secrets were stored in a recoverable form, enabling an attacker with access to a database backup and the Nextcloud config file to decrypt them. Public documentation in the provided sources rec...
OAuth2 client secrets were stored in a recoverable way
None...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security vulnerability that stems from the fact that OAuth2 client secrets are stored in a recoverable manner so that an attacker...
pgAdmin 安全漏洞
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.11 and prior versions, which stems from a vulnerability that allows an attacker to obtain client IDs and secrets, resulting in unauthoriz...
PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7 Description: The issue is related to the insecure storage of confidential informatio...