Lucene search

1248 matches found

OSV
added 2025/01/24 6:45 p.m. · 6 views

GHSA-V34R-VJ4R-38J6 Updatecli exposes Maven credentials in console output

Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...

CVSS 7.1 · AI score 7 · EPSS 0.00224
Exploits 0 · References 5
Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5338 · Updatecli +2 · Updatecli +2

Name of the Vulnerable Software and Affected Versions: Updatecli versions prior to 0.93.0 Description: The issue concerns the leakage of private Maven repository credentials in application logs when an updatecli pipeline execution fails. This occurs when the pipeline contains a maven source...

CVSS 8.9 · AI score 6.4 · EPSS 0.0104
Exploits 2 · References 93
OSV
added 2025/01/09 9:15 p.m. · 1 views

CVE-2024-13291

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing. This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...

CVSS 7.3 · AI score 5.8 · EPSS 0.00311
Exploits 0 · References 1
Positive Technologies
added 2025/01/01 12:0 a.m. · 6 views

PT-2026-20548

Name of the Vulnerable Software and Affected Versions Orthanc versions prior to 1.12.10 Description An authorisation logic flaw exists in the HTTP Basic Authentication implementation of Orthanc. Successful exploitation could lead to privilege escalation, potentially granting full administrative...

CVSS 5.7 · AI score 5.5 · EPSS 0.00408
Exploits 0 · References 10
BDU FSTEC
added 2024/11/26 12:0 a.m. · 4 views

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment allows a perpetrator to circumvent existing security restrictions.

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restrictions remotely...

CVSS 5.3 · AI score 7.4 · EPSS 0.00268
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/11/13 12:0 a.m. · 2 views

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 · AI score 5.5 · EPSS 0.0044
Exploits 0 · References 5 · Affected Software 1
OSV
added 2024/11/12 1:15 p.m. · 1 views

CVE-2024-50313

A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...

CVSS 6.9 · AI score 7.2 · EPSS 0.00268
Exploits 0 · References 1
NVD
added 2024/11/12 1:15 p.m. · 15 views

CVE-2024-50313

A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...

CVSS 6.9 · EPSS 0.00268
Exploits 0 · References 1
Cvelist
added 2024/11/12 12:49 p.m. · 15 views

CVE-2024-50313

A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...

CVSS 6.9 · EPSS 0.00268
Exploits 0 · References 1
Vulnrichment
added 2024/11/12 12:49 p.m. · 8 views

CVE-2024-50313

A vulnerability has been identified in Mendix Runtime V10 All versions V10.16.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.7 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All versio...

CVSS 6.9 · AI score 5.3 · EPSS 0.00268
Exploits 0 · References 1
Patchstack
added 2024/11/06 12:0 a.m. · 3 views

Drupal Basic HTTP Authentication module < 7.x-1.4 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Roderik Muit in WordPress Module Basic HTTP Authentication versions 7.x-1.4...

CVSS 7.3 · AI score 7 · EPSS 0.00311
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/11/06 12:0 a.m. · 4 views

PT-2024-10484 · Drupal · Drupal Basic Http Authentication

Name of the Vulnerable Software and Affected Versions: Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.3 Drupal Basic HTTP Authentication versions prior to 7.X-1.4 Description: The issue is related to insufficient authorization mechanisms in the Basic HTTP Authentication module of...

CVSS 7.5 · AI score 7.4 · EPSS 0.00311
Exploits 0 · References 5
OSV
added 2024/10/24 6:15 p.m. · 3 views

CVE-2024-10295

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...

CVSS 7.5 · AI score 5.8 · EPSS 0.00387
Exploits 0 · References 2
CNNVD
added 2024/10/24 12:0 a.m. · 4 views

Red Hat 3scale API Management Platform security vulnerability

Red Hat 3scale API Management Platform is an infrastructure platform for API management from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform that stems from the fact that sending...

CVSS 7.5 · AI score 7.7 · EPSS 0.00387
Exploits 0 · References 2
OSV
added 2024/10/10 10:15 p.m. · 7 views

PYSEC-2024-196

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...

CVSS 8.3 · AI score 8.2 · EPSS 0.00484
Exploits 0 · References 1
GitHub Security Blog
added 2024/10/10 9:36 p.m. · 15 views

Gradio's CORS origin validation accepts the null origin

Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...

CVSS 6.9 · AI score 6.8 · EPSS 0.00274
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/10/10 9:36 p.m. · 11 views

GHSA-89V2-PQFV-C5R9 Gradio's CORS origin validation accepts the null origin

Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhost_aliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...

CVSS 5.4 · AI score 5.3 · EPSS 0.00274
Exploits 0 · References 4
CNNVD
added 2024/09/30 12:0 a.m. · 3 views

basic-auth-connect security vulnerability

basic-auth-connect is an expressjs open source basic authentication middleware for nodes and connections. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of timing insecure equality comparisons, which can leak timing information...

CVSS 8.7 · AI score 7.9 · EPSS 0.00504
Exploits 1 · References 4
Microsoft CVE
added 2024/09/11 7:0 a.m. · 2 views

Prometheus Exporter Toolkit vulnerable to basic authentication bypass

...

CVSS 8.8 · AI score 7 · EPSS 0.01166
Exploits 1
BDU FSTEC
added 2024/09/04 12:0 a.m. · 2 views

The vulnerability of the retryablehttp package, related to the insertion of confidential information into the log file, allows a perpetrator to obtain confidential authentication credentials for HTTP basic authentication.

The vulnerability of the retryablehttp package lies in the lack of cleaning of URL addresses when they are written to the log file. Exploiting this vulnerability can allow an attacker to obtain confidential basic authentication credentials...

CVSS 5.5 · AI score 6.5 · EPSS 0.00355
Exploits 0 · References 4 · Affected Software 2