CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS5.4AI score0.00012EPSS

Exploits0References1

NVD•added 2 days ago•4 views

CVE-2026-45581

5.5CVSS0.00012EPSS

Exploits0References1

CVE•added 2 days ago•8 views

CVE-2026-45581

CVE-2026-45581 affects fabric-chaincode-java (Hyperledger Fabric chaincode runtime). In versions 2.3.1 through 2.5.09, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server’s INFO logs include the TLS private key password in plaintext, enabling an attacker with log a...

5.5CVSS5.4AI score0.00012EPSS

Exploits0References1

Cvelist•added 2 days ago•32 views

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

5.5CVSS0.00012EPSS

Exploits0References1

Vulnrichment•added 2 days ago•2 views

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

5.5CVSS5.4AI score0.00012EPSS

Exploits0References1

EUVD•added 2 days ago•5 views

EUVD-2026-35139

5.5CVSS5.4AI score0.00012EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•4 views

CVE-2026-45581

5.5CVSS5.4AI score0.00012EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/19 3:40 p.m.•4 views

GHSA-WG5X-3G47-V38R fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References3

Github Security Blog•added 2026/05/19 3:40 p.m.•7 views

fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

5.5CVSS5.8AI score0.00012EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41961

Name of the Vulnerable Software and Affected Versions fabric-chaincode-java versions 2.3.1 through 2.5.9 Description When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...

5.5CVSS5.5AI score0.00012EPSS

Exploits0References5

Hacker One•added 2022/09/03 1:25 p.m.•26 views

Hyperledger: Relative Path Traversal vulnerability in fabric-private-chaincode

Unsanitized input from os.Args3 : 75 CLI argument flows into os.OpenFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to open arbitrary files. The following steps of code lines with respective code confirm the issue: -...

1.8AI score

Exploits0

IBM Security Bulletins•added 2020/12/03 4:1 p.m.•39 views

Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns.

Summary The version of Gradle shipped in the Fabric java chaincode environment image version 2.2. javaenv.2.2 depends on a vulnerable version of the google ouatth client. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to...

9.1CVSS0.7AI score0.00091EPSS

Exploits1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by