Lucene search
K

106 matches found

CNNVD
CNNVD
added 2023/10/26 12:0 a.m.12 views

Elasticsearch Security Vulnerabilities

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from a secret token configuration that is not applied when combining some versions of ECK with APM Server...

5.3CVSS6.8AI score0.00364EPSS
Exploits0References3
Veracode
Veracode
added 2023/08/07 2:24 a.m.41 views

Leak Of Webhook Secret Token

gitlab is vulnerable to Leak Of Webhook Secret Token. The vulnerability exists because the project maintainer could leak a webhook secret token by changing the webhook URL to an endpoint, allowing them to capture request headers...

5.5CVSS6.7AI score0.00707EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/04/04 12:38 p.m.27 views

Information Disclosure

github.com/openshift/assisted-installer is vulnerable to Information Disclosure. The vulnerability exists in ops.go due to the leakage of image pull secrets as plaintext in installation logs which allows an attacker to gain access to the pull secret token information...

5.5CVSS5.7AI score0.00249EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.6 views

SUSE CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...

7.2CVSS7AI score0.00481EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.7 views

SUSE CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

8.1CVSS8.2AI score0.92144EPSS
Exploits13References9
OSV
OSV
added 2023/01/26 9:18 p.m.5 views

UBUNTU-CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

5.5CVSS5.7AI score0.00707EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.25 views

CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

5.5CVSS5.7AI score0.00707EPSS
Exploits1References3
OSV
OSV
added 2023/01/24 12:0 a.m.27 views

CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

5.5CVSS5.3AI score0.00707EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/01/16 12:0 a.m.39 views

GitLab 9.3 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-4054)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was...

5.5CVSS5.6AI score0.00707EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.5 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from the fact tha...

5.5CVSS5.6AI score0.00707EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.3 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE, which stems from the leakage o...

6.4CVSS6.4AI score0.00719EPSS
Exploits1References6
OSV
OSV
added 2022/05/24 4:59 p.m.31 views

GHSA-XCJ6-4355-2823 Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.3AI score0.00927EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.24 views

Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS2.4AI score0.00927EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 5:13 a.m.26 views

GHSA-5XV2-Q475-RWRH Katello uses hard coded credential

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.8CVSS9.4AI score0.03002EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/17 5:13 a.m.20 views

Katello uses hard coded credential

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.8CVSS9.6AI score0.03002EPSS
Exploits0References9Affected Software1
RubySec
RubySec
added 2022/05/17 12:0 a.m.33 views

Katello uses hard coded credential

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.8CVSS7.2AI score0.03002EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/14 12:54 a.m.50 views

GHSA-RX7J-MW4C-76G9 Authlogic Information Exposure vulnerability

The Authlogic gem for Ruby on Rails prior to version 3.3.0 makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as demonstrated by a value...

5CVSS6.9AI score0.02737EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2021/09/06 12:28 p.m.187 views

Exploit for Command Injection in Rubyonrails Rails

CVE-2019-5420 A vulnerability can allow an attacker to guess t...

9.8CVSS7.8AI score0.92144EPSS
Exploits13
GithubExploit
GithubExploit
added 2021/09/06 12:28 p.m.90 views

Exploit for Command Injection in Rubyonrails Rails

CVE-2019-5420 A vulnerability can allow an attacker to guess t...

9.8CVSS8.8AI score0.92144EPSS
Exploits13
Hacker One
Hacker One
added 2021/01/30 9:0 p.m.27 views

Automattic: Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover

Summary: The "idnonce" value on https://intensedebate.com protects victims from CSRF attacks. However, this value is not changing with changed user ids of same account idnonce value is same in request from user id 'X' and user id 'Y' when 'X' is changed to 'Y'. It leads to CSRF on victim's accoun...

1AI score
Exploits0
Rows per page
Query Builder