Lucene search
K

232 matches found

Cvelist
Cvelist
added 2023/12/13 7:2 a.m.35 views

CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

8CVSS7.9AI score0.00608EPSS
Exploits0References1
OSV
OSV
added 2023/12/13 7:2 a.m.9 views

CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

8CVSS6.6AI score0.00608EPSS
Exploits0References3
Elastic
Elastic
added 2023/12/12 5:23 p.m.8 views

Kibana 8.11.2, 7.17.16 Security Update (ESA-2023-27)

Kibana Insertion of Sensitive Information into Log File ESA-2023-27 An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which...

8CVSS6.4AI score0.00608EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.4 views

PT-2023-8930 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...

8CVSS6.4AI score0.00608EPSS
Exploits0References10
OSV
OSV
added 2023/11/22 6:15 p.m.2 views

CVE-2023-6263

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitima...

8.1CVSS5.8AI score0.00489EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 6:15 p.m.18 views

CVE-2023-6263

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitima...

8.3CVSS0.00489EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/22 5:56 p.m.19 views

CVE-2023-6263 Server Spoofing Vulnerability in NxCloud

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitima...

8.3CVSS8.4AI score0.00489EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.37 views

Oracle Linux 8 : python27:2.7 (ELSA-2023-7042)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7042 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2023-40217 Resolves:...

9.8CVSS7.6AI score0.20459EPSS
Exploits14References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:39 p.m.33 views

Security Bulletin: NPM GitHub EventSource improper removal of sensitive information (CVE-2022-1650)

Summary NPM GitHub EventSource is used by the Dashboard within IBM Storage Ceph. IBM Ceph Storage is vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource. CVE-2022-1650 Vulnerability Details CVEID: CVE-2022-1650 DESCRIPTIO...

9.3CVSS5.9AI score0.01799EPSS
Exploits1Affected Software1
Prion
Prion
added 2023/10/26 2:15 a.m.23 views

Design/Logic Flaw

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

5CVSS7.5AI score0.00656EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/26 1:43 a.m.38 views

CVE-2023-31422 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

9CVSS9.3AI score0.00656EPSS
Exploits0References2
OSV
OSV
added 2023/10/12 5:15 p.m.3 views

ALPINE-CVE-2023-45143

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in...

3.5CVSS6.6AI score0.01223EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/09/11 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2023-2798)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7AI score0.02974EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/08/08 12:0 a.m.16 views

EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-2596)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirect...

6.1CVSS7.1AI score0.02974EPSS
Exploits1References2
Snyk
Snyk
added 2023/08/01 7:41 a.m.6 views

Information Exposure

Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure. Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. Remediation Upgrade logstash-core to...

7.5CVSS6.8AI score0.01765EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:56 p.m.500 views

Security Bulletin: Python-requests is vulnerable to CVE-2023-32681 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses python-requests which is vulnerable to CVE-2023-32681. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization...

6.1CVSS6.5AI score0.02974EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.34 views

Amazon Linux 2 : python3-requests (ALAS-2023-2111)

The version of python3-requests installed on the remote host is prior to 2.14.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2111 advisory. A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy- Authorization heade...

6.1CVSS7.1AI score0.02974EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 5:22 p.m.20 views

Security Bulletin: A Vulnerability in python-requests affects IBM InfoSphere Information Server (CVE-2023-32681)

Summary Python-requests is used by IBM InfoSphere Information Server. An information disclosure vulnerability in python-requests was addressed. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the...

6.1CVSS6.2AI score0.02974EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/05/26 6:15 p.m.28 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

6.1CVSS6.6AI score0.02974EPSS
Exploits1References7
CVE
CVE
added 2023/05/26 5:2 p.m.1569 views

CVE-2023-32681

CVE-2023-32681 affects the Python-requests project: a Proxy-Authorization header can be leaked to destination servers when redirects head to HTTPS due to how rebuild_proxies reattaches credentials. The issue arises in requests before the fix and is mitigated by upgrading to version 2.31.0 or late...

6.1CVSS6.8AI score0.02974EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder