8 matches found
CVE-2023-22481
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-22481
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-22481
CVE-2023-22481 affects FreshRSS with its greader API. The failure paths unauthorized()/badRequest() print debugInfo(), which returns the request content, causing passwords or API keys to be logged in clear in users/_/log_api.txt (and optionally syslog if COPY_LOG_TO_SYSLOG is true). Exploitation ...
CVE-2022-23497 Insecure file access in FreshRSS
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...
PT-2022-16030 · Freshrss · Freshrss
Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.20.2 Description: FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords of the...