Lucene search
K

9 matches found

OSV
OSV
added 2026/05/15 11:8 p.m.8 views

CLSA-2026-1778881463 ipa: Fix of 3 CVEs

CVE-2023-5455: fix CSRF vulnerability by adding Referer header check to all session endpoints - CVE-2024-1481: validate Kerberos principal name before kinit and pass it with -- separator to prevent option injection - CVE-2024-11029: scrub administrative passwords from process command line and...

6.5CVSS6.2AI score0.0111EPSS
Exploits1References1
OSV
OSV
added 2026/05/06 5:1 p.m.8 views

GHSA-Q4W7-56HR-83RM Nginx-UI Settings API Exposes Protected Secrets

Summary The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/06 12:0 a.m.19 views

Nginx-UI Settings API Exposes Protected Secrets

The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.10 views

CVE-2026-42223

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...

6.5CVSS5.7AI score0.00295EPSS
Exploits1References1
OSV
OSV
added 2026/04/02 6:42 p.m.2 views

GO-2026-4876 Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor

Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/26 10:25 p.m.10 views

GHSA-PRH4-VHFH-24MJ Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...

6.9CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 10:25 p.m.40 views

Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...

5.8AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 3:11 p.m.7 views

CVE-2026-3277

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

6.5CVSS6AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2025/09/14 5:15 a.m.11 views

CVE-2025-59363

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 even though this secret should only be returned when an App is first created,...

7.7CVSS0.00303EPSS
Exploits0References1
Rows per page
Query Builder