3 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the supi path parameter handling process. An attacker can cause the service to return a 500 Internal Server Error by sending a PATCH request to the sdm-subscriptions endpoint with an empty supi path parameter...
PT-2023-10292 · WordPress · Woosidebars Plugin
Name of the Vulnerable Software and Affected Versions: WooSidebars Plugin versions up to 1.4.1 Description: A problematic issue has been found in the WooSidebars Plugin on WordPress, affecting the function enable custom post sidebars of the file classes/class-woo-sidebars.php. The manipulation of...
Vault's GCP Secrets Engine Service Account Keys Not Enforcing Configured TTL
Summary Vault and Vault Enterprise versions 1.3.5/1.4.0 through 1.4.2, configured with the GCP Secrets Engine may, under certain circumstances, incorrectly generate GCP Credentials with the default time-to-live lease duration, instead of the engine configured setting. This may lead to generated G...