Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/07/02 1:46 p.m.9 views

GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...

8.3CVSS7.2AI score0.00696EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 6:30 p.m.13 views

Netmaker does not verify JWT signatures for host tokens

Netmaker by Gravitl is an open-source WireGuard-based networking platform for creating and managing virtual overlay networks. The VerifyHostToken function in logic/jwts.go does not validate the JWT signature when verifying host tokens. After calling jwt.ParseWithClaims, the function only checks...

8.2CVSS5.8AI score0.00298EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/05/12 12:0 a.m.34 views

openSUSE 15: golang-github-prometheus-promu / prometheus-blackbox_exporter / etc (SUSE-SU-2023:2182-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2182-1 advisory. prometheus-blackboxexporter: - Security issues fixed: CVE-2022-46146: Fix authentication bypass via cache poisoning bsc1208062 - Other non-security...

8.8CVSS6.9AI score0.01339EPSS
Exploits1References12
OSV
OSV
added 2022/11/29 2:15 p.m.2 views

DEBIAN-CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

8.8CVSS8.2AI score0.01166EPSS
Exploits1References1
OSV
OSV
added 2022/11/29 12:0 a.m.33 views

CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

6.2CVSS8.9AI score0.01166EPSS
Exploits1References11
OSV
OSV
added 2018/02/05 3:29 a.m.4 views

CVE-2017-15536

An issue was discovered in Cloudera Data Science Workbench CDSW 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

8.8CVSS5.8AI score0.00936EPSS
Exploits0References1
Rows per page
Query Builder