7 matches found
CVE-2025-24034 Himmelblau leaks credentials in the debug log
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
CVE-2025-24034
CVE-2025-24034 (Himmelblau) affects Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.7.0 and older than 0.7.15 and older than 0.8.3, debug logging can leak credentials: user access tokens and Kerberos TGTs may be written to logs when debug is enabled. A...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
CVE-2023-42662
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration...
CVE-2023-42662
CVE-2023-42662 (JFrog Artifactory) affects Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, and 7.71.8. The issue arises from improper handling of the CLI/IDE browser-based SSO integration, allowing user interaction with specially crafted URLs to expose user access tokens...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41497)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server that stems from the program not properly handling the permissions created by user access tokens. An attacker can exploit this vulnerability to...