Lucene search
K

246 matches found

OSV
OSV
added 2026/02/10 12:30 p.m.5 views

GHSA-GV3V-2CPP-3PMQ Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5CVSS5.8AI score0.00141EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.5 views

Keycloak logs sensitive headers

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5CVSS5.8AI score0.00141EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 10:53 a.m.5 views

CVE-2025-11537 Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5CVSS5.5AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/10 10:53 a.m.23 views

CVE-2025-11537 Keycloak-server: sensitive headers shown in the http access logs

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern such as the pre-defined 'long' pattern, sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract...

5CVSS0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability. This vulnerability arises when the log format is configured to include details for users, causing sensitive headers to be disclosed in plain text within the logs. This...

5CVSS5.7AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.15 views

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3CVSS6.9AI score0.00819EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 11:16 p.m.7 views

CVE-2025-66029

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

7.6CVSS0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 10:32 p.m.20 views

CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

7.6CVSS0.00168EPSS
Exploits0References1
CVE
CVE
added 2025/12/17 10:32 p.m.12 views

CVE-2025-66029

Open OnDemand (prior to 4.1) is affected: the Apache proxy in 4.0.8 and earlier may pass sensitive headers to origin servers, enabling an attacker to set up an origin server on a compute node that records headers when users connect. A fix is expected in the 4.1 release; for 4.0.x workarounds exis...

7.6CVSS6.5AI score0.00168EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/17 10:32 p.m.6 views

EUVD-2025-204011

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

7.6CVSS6.4AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 10:32 p.m.5 views

CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

7.6CVSS6.5AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 10:32 p.m.7 views

CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

7.6CVSS6.8AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.11 views

PT-2025-51973

Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.1 Description Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...

7.6CVSS6.5AI score0.00168EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.14 views

event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.13 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS7AI score0.19396EPSS
Exploits11References7
Tenable Nessus
Tenable Nessus
added 2025/12/10 12:0 a.m.10 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

9.1CVSS7.5AI score0.19396EPSS
Exploits11References14
RedhatCVE
RedhatCVE
added 2025/12/02 7:22 a.m.4 views

CVE-2025-65944

Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

5CVSS6.5AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 1:15 a.m.8 views

CVE-2025-65944

Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

5CVSS0.00298EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 12:23 a.m.17 views

CVE-2025-65944

Sentry-Javascript (official Sentry SDK for JavaScript) versions 10.11.0 to before 10.27.0 are affected. When a Node.js application uses the SDK with sendDefaultPii: true, certain sensitive HTTP headers (including Cookie) can be inadvertently sent to Sentry and stored in the associated trace, pote...

5CVSS6.5AI score0.00298EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/25 12:23 a.m.4 views

EUVD-2025-198990

Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...

5CVSS6.3AI score0.00298EPSS
Exploits0References8
Rows per page
Query Builder