5 matches found
CVE-2022-23506
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposur...
CVE-2014-6274 S3 and Glacier remotes creds embedded in the git repo were not encrypted
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...
PT-2023-17241 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposur...