158 matches found
CVE-2023-1831 User password logged in audit logs
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...
CVE-2023-22481
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...
Information Disclosure
ovirt is vulnerable to information disclosure. An attacker with sufficient privileges is able to read the log file due to plaintext password logging in the log file when using otapi-style...
CVE-2022-40979
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...
Design/Logic Flaw
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...
CVE-2022-31119
CVE-2022-31119 affects Nextcloud Mail: affected versions log user passwords to disk upon misconfiguration, enabling potential complete account access if log files are compromised. RedHat/Red Hat-affiliated advisories and Nextcloud security notes confirm the issue and recommend upgrading Nextcloud...
Nextcloud 日志信息泄露漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A log message disclosure vulnerability exists in Nextcloud Mail that originates from logging user passwords to disk...
PT-2022-20542 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.12.1 Description: The issue affects Nextcloud Mail, an email application for the Nextcloud personal cloud product. In the event of a misconfiguration, affected versions of Nextcloud Mail would log user...
Authentication flaw
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a when configured to use local, RADIUS, or TACACS authentication logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username...
PT-2022-17553 · Samsung · Galaxy Watch Plugin
Name of the Vulnerable Software and Affected Versions: Galaxy Watch Plugin versions prior to 2.2.05.22012751 Description: The issue allows an attacker to access password information of connected WiFiAp in the log. Recommendations: For Galaxy Watch Plugin versions prior to 2.2.05.22012751, update ...
CVE-2022-25264
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases...
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
Moderate: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
OPENSUSE-SU-2021:2147-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...
Ubuntu: Security Advisory (USN-4998-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4998-1: Ceph vulnerabilities
It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. CVE-2020-25678 Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain...
SUSE-SU-2021:1960-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - Do not log passwords in logfiles bsc1184016...
SUSE-SU-2021:1959-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...