Lucene search
K

8 matches found

CNNVD
CNNVD
added 2025/09/08 12:0 a.m.3 views

Fides 代码问题漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A code issue vulnerability exists in Fides versions prior to 2.69.1, which stems from a...

6.3CVSS6.8AI score0.00275EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/09/04 6:7 p.m.22 views

Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or...

9.1CVSS9AI score0.01342EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/05 8:40 p.m.38 views

Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...

5.3CVSS6.6AI score0.01114EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/07/03 5:34 p.m.37 views

CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

5.3CVSS0.01114EPSS
Exploits1References2
CVE
CVE
added 2024/07/02 7:50 p.m.105 views

CVE-2024-38537

Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...

9.8CVSS3.7AI score0.01427EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/10/25 6:17 p.m.48 views

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.3AI score0.00722EPSS
Exploits0References3
OSV
OSV
added 2023/10/24 10:42 p.m.32 views

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.2AI score0.00722EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/10/24 2:45 a.m.28 views

Fides JavaScript Injection Vulnerability in Privacy Center URL

Impact The Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to no...

5.4CVSS6.8AI score0.00607EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder