13 matches found
CVE-2026-50202
Summary: CVE-2026-50202 affects Steeltoe libraries: Steeltoe.Security.Authentication.CloudFoundryBase < 3.4.0, Steeltoe.Security.Authentication.JwtBearer < 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect
CVE-2026-50200
The CVE affects Steeltoe’s Environment actuator sanitization for Steeltoe.Management.Endpoint <4.2.0 and Steeltoe.Management.EndpointCore <3.4.0. The Sanitizer uses a suffix-based key match list (default: password, secret, key, token, .credentials. , vcap_services) that does not cover Conne...
CVE-2026-50196
CVE-2026-50196 – Steeltoe.Discovery.Eureka : In Steeltoe.Discovery.Eureka before versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws an ArgumentException for any DataCenterInfo.name other than MyOwn, Amazon, or Netflix, causing the registry deserialization to fail and the cache refresh to sw...
CVE-2026-50194
Steeltoe CVE-2026-50194 affects management endpoints when configured to listen on an alternate port. Versions 3.2.2–3.3.0 and 4.1.0 use the Host header to gate access instead of the socket port, enabling port-isolation bypass. Patches are in 3.4.0 and 4.2.0. If upgrading isn’t possible, apply exp...
EUVD-2024-2425
Malicious code in bioql PyPI...
CVE-2024-40636
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
CVE-2024-40636
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
CVE-2024-40636 Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
CVE-2024-40636
The CVE concerns Steeltoe.Discovery.Eureka where DiscoveryClient logs may leak basic-auth credentials because Eureka server URLs are not fully masked when FetchRegistry fails. Affects Steeltoe.Discovery.Eureka (and related packages) with multiple Eureka URLs and basic auth; root cause is logging ...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
PT-2024-28955 · Steeltoe · Steeltoe.Discovery.Eureka
Name of the Vulnerable Software and Affected Versions: Steeltoe.Discovery.Eureka versions prior to 3.2.8 Description: The issue concerns credential leakage in logs when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. Only...