Lucene search

10 matches found

GitHub Security Blog
added 2026/04/10 7:49 p.m. · 5 views

Ech0's Missing Authorization on System Logs Allows Non-Admin Information Disclosure

Summary: The system log endpoints GET /api/system/logs, GET /api/system/logs/stream, and WS /ws/system/logs lack authorization checks, allowing any authenticated non-admin user to read and stream all server logs. These logs contain error stack traces, internal file paths, module names, and arbitrary...

5.9 AI score
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2026/04/10 7:40 p.m. · 2 views

GHSA-CP79-9MWR-WR49 Ech0: Missing authorization on dashboard log endpoints allows low-privilege users to access sensitive system logs

Summary: Ech0 allows any authenticated user to read historical system logs and subscribe to live log streams because the dashboard log endpoints validate only that a JWT is present and valid, but do not require an administrator role or privileged scope. Impact: Any valid user session can access GET...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 3

Tenable Nessus
added 2025/08/20 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-10195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch...

6.5 CVSS · 6.6 AI score · 0.01412 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/15 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-6872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This...

6.5 CVSS · 7.5 AI score · 0.00646 EPSS
Exploits: 1 · References: 2

OSV
added 2025/01/27 10:15 p.m. · 2 views

CVE-2024-54550

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs...

4 CVSS · 5.7 AI score · 0.00175 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/27 12:00 a.m. · 3 views

PT-2025-5314 · Apple · iOS +3

Name of the Vulnerable Software and Affected Versions: macOS Sequoia versions prior to 15.3, iOS versions prior to 18.3, iPadOS versions prior to 18.3. Description: A privacy issue was addressed with improved private data redaction for log entries. An app may be able to view a contact's phone number...

3.3 CVSS · 7.5 AI score · 0.00224 EPSS
Exploits: 0 · References: 9

SUSE CVE
added 2023/12/23 2:42 a.m. · 3 views

SUSE CVE-2023-6872

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox 121...

6.5 CVSS · 8.5 AI score · 0.00646 EPSS
Exploits: 1 · References: 4

CNNVD
added 2023/04/03 12:00 a.m. · 3 views

Hitachi Vantara Pentaho Business Analytics Server Log Information Disclosure Vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that originates from exposing sensitive data to system...

6.5 CVSS · 6.5 AI score · 0.00392 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2022/03/10 5:44 p.m. · 5 views

CVE-2022-0725

A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs...

7.5 CVSS · 5.4 AI score · 0.02413 EPSS
Exploits: 1 · References: 3

OSV
added 2017/11/16 7:29 a.m. · 4 views

CVE-2017-12315

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative use...

6 CVSS · 5.8 AI score · 0.00326 EPSS
Exploits: 0 · References: 2