CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the log...
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
GHSA-666G-RFC5-C9JV Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215
CVE-2023-46215 affects Apache Airflow and its Celery provider. The issue is that sensitive information is logged in clear text when using rediss, amqp, or rpc protocols as the Celery result backend. Affected versions: Airflow Celery provider 3.3.0–3.4.0 and Apache Airflow 1.10.0–2.6.3. Impact is ...
CVE-2023-46667 Fleet Server Insertion of Sensitive Information into Log File
An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...
CVE-2023-46668 Elastic Endpoint Insertion of Sensitive Information into Log File
If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...
CVE-2023-27256
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...
PT-2023-30151 · Elastic · Fleet Server
Name of the Vulnerable Software and Affected Versions: Fleet Server versions 8.10.0 through 8.10.2 Description: An issue was discovered where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into...
Credential Disclosure Through Logs
github.com/ydb-platform/ydb-go-sdk is vulnerable to Information Disclosure. The vulnerability is due to a custom implementation of the credentials interface. During logging, the credentials are directly serialized into the error message. If an application defines a custom credential interface, an...
Code injection
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
CVE-2023-4089
On affected Wago products, a remote attacker with administrative privileges can access files to which they already have access, through an undocumented local file inclusion. This access is logged in a different log file than expected...
CVE-2023-4089 WAGO: Multiple products vulnerable to local file inclusion
On affected Wago products, a remote attacker with administrative privileges can access files to which they already have access, through an undocumented local file inclusion. This access is logged in a different log file than expected...
CVE-2023-44388
Discourse (open source forum software) is affected by CVE-2023-44388: a malicious request can cause production log files to rapidly fill, leading to disk-space exhaustion. Affected versions: 3.1.1 (stable) and 3.2.0.beta2. The workaround mentioned is reducing the nginx client_max_body_size direct...
CVE-2023-5003
Summary: CVE-2023-5003 affects the Active Directory Integration / LDAP Integration WordPress plugin (pre-4.1.10). The issue centers on storing sensitive LDAP logs in a buffer file created when an administrator exports logs; the buffer file is not removed and can be accessed by anyone who knows the ...