49 matches found
CVE-2023-49106
Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Agent component.This issue affects Hitachi Device Manager: before 8.8.5-04...
CVE-2025-12148
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
EUVD-2025-36685
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148 Unauthorized access to fields protected by Field Masking (FM) for fields of type IP
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148 Unauthorized access to fields protected by Field Masking (FM) for fields of type IP
In Search Guard versions 3.1.1 and earlier, Field Masking FM rules are improperly enforced on fields of type IP IP Address. While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents hits when searching based on a...
CVE-2025-12148
In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...
PT-2025-44310
Name of the Vulnerable Software and Affected Versions Search Guard versions 3.1.1 and earlier Description Field Masking FM rules are not properly enforced on fields of type IP IP Address. While the content of these fields is redacted in search results, documents are still returned when searching...
EUVD-2023-1133
Malicious code in bioql PyPI...
EUVD-2023-53115
Malicious code in bioql PyPI...
EUVD-2025-29514
Malicious code in bioql PyPI...
EUVD-2023-33588
Malicious code in bioql PyPI...
Missing Password Field Masking
Overview Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the process that applies field masking rules to fields of types ip, geopoint, geoshape, xypoint, and xyshape. An attacker can access sensitive information by issuing search queries that reconstruct the original...
OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape
Impact OpenSearch versions 2.19.2 and earlier improperly apply field masking rules on fields of the types ip, geopoint, geoshape, xypoint, xyshape. While the content of these fields is properly redacted in the source document returned by search operations, the original unredacted values remain...
GHSA-RRMM-WQ7Q-H4V5 OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape
Impact OpenSearch versions 2.19.2 and earlier improperly apply field masking rules on fields of the types ip, geopoint, geoshape, xypoint, xyshape. While the content of these fields is properly redacted in the source document returned by search operations, the original unredacted values remain...
PT-2025-32598 · Maven · Org.Opensearch.Plugin:Opensearch-Security
Impact OpenSearch versions 2.19.2 and earlier improperly apply field masking rules on fields of the types ip, geo point, geo shape, xy point, xy shape. While the content of these fields is properly redacted in the source document returned by search operations, the original unredacted values remai...
CVE-2024-10122
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...
CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the indices that back data streams...
CVE-2025-4526
A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...