3 matches found
CVE-2026-40945
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This...
CVE-2024-9453
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...
PT-2023-30439 · Headscale · Headscale
Name of the Vulnerable Software and Affected Versions: Headscale versions through 0.22.3 Description: The issue allows Headscale to write bearer tokens to info-level logs. Recommendations: For versions through 0.22.3, consider restricting log access to minimize the risk of exploitation. At the...