10 matches found

Snyk
added 2026/03/25 9:17 p.m. · 2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the ReadAll process. An attacker can obtain plaintext BasicAuth credentials intended for external webhook authentication by accessing the API with only read permissions to a project. Remediation Upgrade...

7.1 CVSS · 6.4 AI score · 0.00297 EPSS
Exploits 1 · References 2
AstraLinux
added 2025/11/01 10:54 a.m. · 5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

The username:password portion was not properly removed from URLs in CSP reports, which could potentially expose HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8 CVSS · 5.5 AI score · 0.00431 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/06/23 8:38 a.m. · 4 views

CVE-2024-7586

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

7.5 CVSS · 6.8 AI score · 0.00263 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/08/30 12:0 a.m. · 15 views

FreeBSD : RabbitMQ-C -- auth credentials visible in commandline tool options (7e9cc7fd-6b3e-46c5-ad6d-409d90d41bbf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7e9cc7fd-6b3e-46c5-ad6d-409d90d41bbf advisory. hadmut reports: This C library includes 2 command-line tools that can take credentials as command-line...

5.5 CVSS · 5.7 AI score · 0.00214 EPSS
Exploits 0 · References 3
OSV
added 2024/06/24 5:15 p.m. · 4 views

DEBIAN-CVE-2024-6104

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

5.5 CVSS · 6.3 AI score · 0.00355 EPSS
Exploits 0 · References 1
OSV
added 2024/06/24 5:15 p.m. · 9 views

AZL-42942 CVE-2024-6104 affecting package keda for versions less than 2.4.0-22

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

5.5 CVSS · 6.6 AI score · 0.00355 EPSS
Exploits 0 · References 1
Cvelist
added 2024/06/24 5:6 p.m. · 29 views

CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...

6 CVSS · 0.00355 EPSS
Exploits 0 · References 1
OSV
added 2024/06/04 3:19 p.m. · 28 views

GO-2024-2723 Apache Solr Operator liveness and readiness probes may leak basic auth credentials in github.com/apache/solr-operator

Apache Solr Operator liveness and readiness probes may leak basic auth credentials in github.com/apache/solr-operator...

6.5 CVSS · 6.4 AI score · 0.00847 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/04/07 12:0 a.m. · 5 views

PT-2025-26319 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 17.0.6 GitLab EE versions 17.1 through 17.1.4 GitLab EE versions 17.2 through 17.2.2 Description: An issue was discovered in GitLab EE where webhook deletion audit log preserved auth credentials. Recommendation...

7.5 CVSS · 6 AI score · 0.00263 EPSS
Exploits 0 · References 12
0day.today
added 2015/04/23 12:0 a.m. · 35 views

Netgear WNR2000v4 Abuse / XSS / Command Injection Vulnerabilities

Netgear WNR2000v4 suffers from code execution, missing abuse control, and cross site scripting vulnerabilities. I'm releasing a few vulnerabilities for the WNR2000v4 Netgear router. Netgear is currently working these issues. Quick Fix --------- If you own a WNR2000v4, set a strong password and se...

6.9 AI score
Exploits 0