Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVE-2024-23451

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVE-2024-23451

Summary: CVE-2024-23451 affects Elasticsearch 8.10.0 and earlier, with versions before 8.13.0 vulnerable to an incorrect API key–based authorization in Remote Cluster Security. A remote attacker with a valid API key (and using the custom transport protocol) can read arbitrary documents from a rem...

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

Elasticsearch 8.13.0 Security Update (ESA-2024-07)

Elasticsearch Improper Authorization in the Remote Cluster Security API key based security model ESA-2024-07 It was identified by the Elastic engineering team that the API key based security model for Remote Cluster Security, which is currently in Beta, is affected by an improper authorization...

PT-2024-18305 · WordPress · Contests By Rewards Fuel

Name of the Vulnerable Software and Affected Versions: Contests by Rewards Fuel plugin for WordPress versions up to, and including, 2.0.64 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...

CVE-2024-0368

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...

CVE-2024-28120

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

Code injection

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

CVE-2024-28120 API key leak in codeium-chrome

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

CVE-2024-28120 API key leak in codeium-chrome

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

CVE-2024-28120

The CVE-2024-28120 issue affects the codeium-chrome Chrome extension. The service worker does not validate the sender when handling external messages, enabling a malicious site to steal the user’s Codeium API key and impersonate the user on the backend autocomplete server. Affected component: cod...

CVE-2024-28120 API key leak in codeium-chrome

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...

BIT-GITLAB-2022-3018

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...

BIT-GITLAB-2023-0483

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site...

BIT-GRAFANA-2022-24812 FGAC API Key privilege escalation in Grafana

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

Path Traversal

langchain is vulnerable to Path Traversal. This vulnerability is due to a flaw in the loadchain function, allowing an actor to control the final part of the path parameter. This bypasses the intended behavior of loading configurations solely from a specific GitHub repository. The consequence coul...