Lucene search
K

19 matches found

Snyk
Snyk
added 2026/06/22 4:15 a.m.5 views

Use of Hard-coded Credentials

Overview com.linecorp.centraldogma:centraldogma-server is a service configuration repository based on Git, ZooKeeper and HTTP/2 centraldogma-server. Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the ZooKeeperReplicationConfig.secret when the replication.secr...

9.6CVSS6.2AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 3:16 a.m.10 views

CVE-2026-11745

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

8.8CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 3:16 a.m.11 views

CVE-2026-11746

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

9.4CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 3:16 a.m.10 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:37 a.m.3 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS5.8AI score0.00386EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 2:37 a.m.13 views

CVE-2026-11748

The CVE affects centraldogma-server-auth-shiro

6.9CVSS5.8AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:37 a.m.9 views

EUVD-2026-38208

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS5.8AI score0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:37 a.m.33 views

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:35 a.m.7 views

EUVD-2026-38207

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

9.4CVSS6.1AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:35 a.m.25 views

CVE-2026-11746

CVE-2026-11746 affects centraldogma-server versions prior to 0.84.0. If ZooKeeper replication is enabled without setting replication.secret, the server falls back to a hard-coded, publicly known secret that authenticates the embedded ZooKeeper ensemble. This allows an attacker with network access...

9.4CVSS6.1AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:35 a.m.36 views

CVE-2026-11746

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

9.4CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:33 a.m.6 views

EUVD-2026-38206

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

8.8CVSS5.8AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:33 a.m.34 views

CVE-2026-11745

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

8.8CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:33 a.m.12 views

CVE-2026-11745

The CVE-2026-11745 vulnerability affects centraldogma-server-mirror-git versions prior to 0.84.0. The Git mirror SSH client does not verify remote host keys for git+ssh:// connections, enabling an on-path attacker to perform man-in-the-middle attacks and potentially compromise mirrored repositori...

8.8CVSS5.8AI score0.00139EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.10 views

com.infobip.kafkistry:kafkistry-app (>=0.7.0 <=0.10.1), com.infobip.kafkistry:kafkistry-auditing (>=0.7.0 <=0.10.1) +19 more potentially affected by CVE-2026-48827 via org.apache.sshd:sshd-git (>=2.10.0 <=2.17.1)

org.apache.sshd:sshd-git MAVEN version =2.10.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.9.9, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.62.0, =2.25.0, =1.1.0, =1.1.1 and more Source cves: CVE-2026-48827 Source advisory: SNYK:JAVA-ORGAPACHESSHD-17151844...

7.1CVSS5.7AI score0.00527EPSS
Exploits0
Snyk
Snyk
added 2025/12/04 12:42 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the Shiro web login for logged-in users with incorrect permissions. An attacker can redirect users to malicious websites by crafting specially designed URLs. Remediation Upgrade...

8.2CVSS6.5AI score0.00146EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/02/26 8:4 p.m.9 views

com.linecorp.centraldogma:centraldogma-server-auth-saml (>=0.33.0 <=0.64.2) potentially affected by CVE-2024-1735 via com.linecorp.armeria:armeria-saml (>=0.76.2 <=1.27.1)

com.linecorp.armeria:armeria-saml MAVEN version =0.76.2, =0.33.0, =0.64.2 Source cves: CVE-2024-1735 Source advisory: OSV:GHSA-4M6J-23P2-8C54...

9.1CVSS7.7AI score0.00834EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/02/02 4:55 p.m.7 views

com.linecorp.centraldogma:centraldogma-server-auth-saml (>=0.33.0 <=0.64.0), com.linecorp.centraldogma:centraldogma-server-auth-shiro (>=0.33.0 <=0.64.0) +7 more potentially affected by CVE-2024-1143 via com.linecorp.centraldogma:centraldogma-server (>=0.17.0 <=0.64.0)

com.linecorp.centraldogma:centraldogma-server MAVEN version =0.17.0, =0.33.0, =0.33.0, =0.61.0, =0.62.0, =0.17.0, =0.44.0, =0.44.0, =0.44.0, =0.64.0 - com.linecorp.centraldogma:centraldogma-xds =0.64.0 Source cves: CVE-2024-1143 Source advisory: OSV:GHSA-34Q3-P352-C7Q8...

9.3CVSS6.9AI score0.00491EPSS
Exploits0
Veracode
Veracode
added 2021/09/09 4:49 a.m.15 views

Privilege Escalation

centraldogma-server is vulnerable to privilege escalation. A user with file managing privileges of the project is able to mirror to internal repositories...

8.8CVSS3AI score0.0089EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder