60 matches found
CVE-2024-41178
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store objectstore crate, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
CVE-2025-64709
Typebot (open-source chatbot builder) contains an SSRF flaw in the webhook block’s HTTP Request component affecting versions before 3.13.1. The issue lets authenticated users cause server-side HTTP requests, bypass IMDSv2 via custom header injection, and extract temporary AWS IAM credentials for ...
EUVD-2022-53457
Malicious code in bioql PyPI...
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services AWS Instance Metadata Service IMDS. The vulnerability in question is CVE-2025-51591 CVSS score: 6.5,...
CVE-2022-32260
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application creates temporary user credentials for UMC User Management Component users. An attacker could use these temporary credentials for authentication bypass in certain scenarios...
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Prevent token leakage / privilege escalation MinIO Operator STS: A Quick Overview MinIO Operator STS is a native IAM Authentication for Kubernetes. MinIO Operator offers support for Secure Tokens a.k.a. STS which are a form of temporary access credentials for your MinIO Tenant. In essence, this...
GHSA-V63M-X9R9-8GQP AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
Summary The AWS Cloud Development Kit AWS CDK 1 is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI 2 is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
Summary The AWS Cloud Development Kit AWS CDK 1 is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI 2 is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...
PT-2025-8736 · Unknown · Met One 3400+
Name of the Vulnerable Software and Affected Versions: MET ONE 3400+ version 1.0.41 Description: The issue concerns the temporary storage of credentials in plain text within the system under rare conditions. This data is not accessible to unauthenticated users. Recommendations: For version 1.0.41...
Credential Caching
snowflakeconnectorpython is vulnerable to Credential Caching. The vulnerability is due to improper handling of temporary credential caching on Linux systems, When caching is enabled, the credentials are stored in a file that is readable by all users, allowing unauthorized access...
PYSEC-2025-28
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...
Incorrect Default Permissions
Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Incorrect Default Permissions when using EXTERNALBROWSER or USERNAMEPASSWORDMFA authentication methods with temporary credential caching enabled, allowing the attacker to...
CVE-2025-24795 The Snowflake Connector for Python uses insecure cache files permissions
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...
GHSA-XFHV-WQJ6-RX99 snowflake-sdk may incorrectly validate temporary credential cache file permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux...
GHSA-33G6-495W-V8J2 Snowflake JDBC uses insecure temporary credential cache file permissions
Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through...
CVE-2025-24790
CVE-2025-24790 affects Snowflake JDBC driver (type 4) used by Java apps. On Linux, when temporary credential caching is enabled, credentials may be cached locally in a world-readable file. Affected versions: 3.6.8 through 3.21.0. The issue has been fixed in version 3.22.0. Remediation: upgrade Sn...
PT-2025-5572 · Snowflake · Snowflake-Connector-Nodejs
Name of the Vulnerable Software and Affected Versions: snowflake-connector-nodejs versions 1.12.0 through 2.0.1 Description: The issue concerns a vulnerability in the Snowflake NodeJS Driver where file permissions checks of the temporary credential cache could be bypassed by an attacker with writ...
Snowflake JDBC 安全漏洞
Snowflake JDBC is an application from Snowflake, Inc. provides a JDBC type 4 driver that supports the core functionality and allows Java programs to connect to Snowflak. A security vulnerability exists in Snowflake JDBC versions prior to 3.22.0 that stems from caching temporary credentials in a...
GHSA-C2HF-VCMR-QJRF Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store objectstore crate, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
CVE-2024-41178 Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store objectstore crate, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...