Lucene search
4562 matches found

Prion
added 2022/06/03 8:15 p.m., 18 views

Authentication flaw

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a when configured to use local, RADIUS, or TACACS authentication logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username...

7.1 CVSS, 6.7 AI score, 0.00763 EPSS
Exploits 0, References 1, Affected Software 1
IBM Security Bulletins
added 2022/06/02 7:7 p.m., 37 views

Security Bulletin: IBM Spectrum Protect Plus may disclose sensitive information in virgo log file (CVE-2022-22396)

Summary IBM Spectrum Protect Plus may disclose credentials in clear text in the virgo log file. Vulnerability Details CVEID: CVE-2022-22396 DESCRIPTION: Credentials are printed in clear text in the IBM Spectrum Protect Plus virgo log file in certain cases. Credentials could be the remote vSnap,...

7.5 CVSS, 0.2 AI score, 0.00643 EPSS
Exploits 0, Affected Software 1
ATTACKERKB
added 2022/06/02 12:0 a.m., 5 views

CVE-2022-22396

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are...

7.5 CVSS, 6.8 AI score, 0.00643 EPSS
Exploits 0, References 3, Affected Software 1
Fedora
added 2022/05/28 1:16 a.m., 22 views

[SECURITY] Fedora 36 Update: logrotate-3.20.1-1.fc36

The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log...

6.5 CVSS, 1.3 AI score, 0.0149 EPSS
Exploits 0
OSV
added 2022/05/24 5:21 p.m., 3 views

GHSA-M2CH-X2Q7-2284 Mattermost Server allows an attacker to specify a full pathname of a log file

An issue was discovered in Mattermost Server before 3.7.5. It allows an attacker to specify a full pathname of a log file...

8.8 CVSS, 5.5 AI score, 0.01387 EPSS
Exploits 0, References 4
Github Security Blog
added 2022/05/24 5:21 p.m., 4 views

Mattermost Server allows an attacker to specify a full pathname of a log file

An issue was discovered in Mattermost Server before 3.7.5. It allows an attacker to specify a full pathname of a log file...

9.8 CVSS, 5.5 AI score, 0.01387 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2022/05/24 5:12 p.m., 19 views

GHSA-CV78-V957-JX34 Exposure of Sensitive Information in Gradle publish plugin

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

6.5 CVSS, 6.4 AI score, 0.00482 EPSS
Exploits 0, References 4
Github Security Blog
added 2022/05/24 5:12 p.m., 24 views

Exposure of Sensitive Information in Gradle publish plugin

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...

6.5 CVSS, 6.2 AI score, 0.00482 EPSS
Exploits 0, References 5, Affected Software 2
Github Security Blog
added 2022/05/24 5:2 p.m., 22 views

FreeIPA logs passwords embedded in commands in calls using batch

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...

6.5 CVSS, 6.6 AI score, 0.01412 EPSS
Exploits 0, References 13, Affected Software 2
OSV
added 2022/05/24 4:52 p.m., 24 views

GHSA-GP67-C7J2-2QG2 Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure...

6.5 CVSS, 6.4 AI score, 0.01296 EPSS
Exploits 0, References 6
Github Security Blog
added 2022/05/24 4:52 p.m., 17 views

Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure...

6.5 CVSS, 1.4 AI score, 0.01296 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2022/05/24 4:52 p.m., 22 views

GHSA-7C3V-VC3X-X789 Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin

Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked, i.e. replaced with asterisks, in that log to prevent accidental disclosure. Configuration as Code Plugin inspects the type and looks for a field, getter, or constructor...

5.5 CVSS, 5.5 AI score, 0.00382 EPSS
Exploits 0, References 5
Github Security Blog
added 2022/05/24 4:51 p.m., 27 views

Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin

Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked, i.e. replaced with asterisks, in that log to prevent accidental disclosure. Between Configuration as Code Plugin 0.8-alpha and 1.0, log messages contained values if the...

3.3 CVSS, 4.9 AI score, 0.00368 EPSS
Exploits 0, References 5, Affected Software 1
RedhatCVE
added 2022/05/20 11:52 p.m., 26 views

CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

5.3 CVSS, 2.5 AI score, 0.00256 EPSS
Exploits 0, References 1
Github Security Blog
added 2022/05/17 4:44 a.m., 25 views

OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admintoken and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

2.1 CVSS, 6.7 AI score, 0.00602 EPSS
Exploits 0, References 13, Affected Software 1
OSV
added 2022/05/17 12:16 a.m., 5 views

GHSA-QHQ8-XWQV-PVV9 OpenStack Swauth object/proxy server writing Auth Token to log file

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...

9.8 CVSS, 9.6 AI score, 0.08354 EPSS
Exploits 0, References 8
OSV
added 2022/05/14 1:59 a.m., 4 views

GHSA-PJVW-P2V5-WF6Q OpenStack Nova Long server names grow nova-api log files significantly

OpenStack Compute Nova Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name...

4 CVSS, 6 AI score, 0.02073 EPSS
Exploits 1, References 9
OSV
added 2022/05/14 1:17 a.m., 32 views

GHSA-C57P-3V2G-W9RG Insertion of Sensitive Information into Log File in Apache Tomcat

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. This issue was...

1.9 CVSS, 4.2 AI score, 0.00668 EPSS
Exploits 0, References 23
Github Security Blog
added 2022/05/14 1:17 a.m., 38 views

Insertion of Sensitive Information into Log File in Apache Tomcat

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. This issue was...

1.9 CVSS, 2.6 AI score, 0.00668 EPSS
Exploits 0, References 23, Affected Software 1
Github Security Blog
added 2022/05/13 1:37 a.m., 26 views

ovirt-engine Logs Plaintext Passwords To File

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

7.2 CVSS, 6.8 AI score, 0.01164 EPSS
Exploits 0, References 6, Affected Software 1