106 matches found
Elasticsearch Security Vulnerabilities
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from a secret token configuration that is not applied when combining some versions of ECK with APM Server...
Leak Of Webhook Secret Token
gitlab is vulnerable to Leak Of Webhook Secret Token. The vulnerability exists because the project maintainer could leak a webhook secret token by changing the webhook URL to an endpoint, allowing them to capture request headers...
Information Disclosure
github.com/openshift/assisted-installer is vulnerable to Information Disclosure. The vulnerability exists in ops.go due to the leakage of image pull secrets as plaintext in installation logs which allows an attacker to gain access to the pull secret token information...
SUSE CVE-2013-3709
WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...
SUSE CVE-2019-5420
A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...
UBUNTU-CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...
CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...
CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...
GitLab 9.3 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-4054)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...
GitLab CE/EE 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE, which stems from the leakage o...
GHSA-XCJ6-4355-2823 Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
GHSA-5XV2-Q475-RWRH Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
GHSA-RX7J-MW4C-76G9 Authlogic Information Exposure vulnerability
The Authlogic gem for Ruby on Rails prior to version 3.3.0 makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as demonstrated by a value...
Exploit for Command Injection in Rubyonrails Rails
CVE-2019-5420 A vulnerability can allow an attacker to guess t...
Exploit for Command Injection in Rubyonrails Rails
CVE-2019-5420 A vulnerability can allow an attacker to guess t...
Automattic: Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover
Summary: The "idnonce" value on https://intensedebate.com protects victims from CSRF attacks. However, this value is not changing with changed user ids of same account idnonce value is same in request from user id 'X' and user id 'Y' when 'X' is changed to 'Y'. It leads to CSRF on victim's accoun...