57 matches found
GHSA-F24X-RM6G-3W5V Directus tokens are not redacted in flow logs, exposing session credentials to all admin
Summary When using Directus Flows with the WebHook trigger, all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Impact Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them...
Directus tokens are not redacted in flow logs, exposing session credentials to all admin
Summary When using Directus Flows with the WebHook trigger, all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Impact Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them...
CVE-2022-25185
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Sensitive Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to improper error handling due to sensitive data being exposed in API responses when a ValidationError is triggered in flows using the "Webhook" trigger and "Data of Last Operation" response body...
GHSA-FM3H-P9WM-H74H Directus's webhook trigger flows can leak sensitive data
Describe the Bug In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...
CVE-2025-30353
Directus vulnerability (CVE-2025-30353): In Directus, flows using the Webhook trigger with the Data of Last Operation response can disclose sensitive data when a ValidationError occurs. Affected versions are 9.12.0 up to, but not including, 11.5.0. The exposure includes environment variables, API...
PT-2025-12984 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.4.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. When a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a...
Directus 信息泄露漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 9.12.0 through 11.5.0, which stems from a Webhook trigger that could lead to the disclosure of...
The vulnerability of the Jenkins MSTeams Webhook Trigger Plugin, related to the disclosure of information, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Jenkins MSTeams Webhook Trigger Plugin is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Jenkins Multibranch Scan Webhook Trigger Plugin, related to the disclosure of information, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins Multibranch Scan Webhook Trigger Plugin is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
GHSA-2XPQ-5952-38W3 Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this...
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46658
CVE-2023-46658 affects Jenkins MSTeams Webhook Trigger Plugin (versions 0.1.1 and earlier). The root cause is a non-constant time comparison when verifying the webhook token, which could enable attackers to use statistical methods to deduce a valid token. Public references (GHSA/NVD) describe the...
CVE-2023-46656
CVE-2023-46656 affects Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier. The root cause is a non-constant time comparison when verifying the webhook token, which can enable attackers to use statistical methods to determine a valid token. Public references (including Red ...
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Jenkins Plugin MSTeams Webhook Trigger Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Multibranch Scan Webhook Trigger Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-6545 · Jenkins · Jenkins Msteams Webhook Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier Description: The issue is related to information disclosure. It may allow a remote attacker to gain unauthorized access to protected information. The problem lies in the...
Jenkins Generic Webhook Trigger Plugin External Entity Injection (CVE-2021-21669)
An XXE vulnerability exists in Jenkins Generic Webhook Trigger Plugin. The vulnerability is due to insufficient validation of input parameters. Successful exploitation could lead to the disclosure of file contents for any file readable by Jenkins...
CVE-2022-43412
CVE-2022-43412 affects Jenkins Generic Webhook Trigger Plugin (versions 1.84.1 and earlier). The vulnerability stems from a non-constant time comparison when validating the provided webhook token against the expected token, which could enable attackers to infer a valid token via statistical metho...