8 matches found
CVE-2022-24875
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
Code injection
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
CVE-2022-31004
CVE-2022-31004 affects the open source CVE services API project cve-services. A conditional in data.js can cause the generated randomKey to be written to disk when not running in development, potentially exposing plaintext secrets on disk in production. Public details do not list a released patch...
CVE-2022-24875
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
Code injection
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...
CVE-2022-24875
The CVE-2022-24875 issue affects the CVEProject/cve-services project prior to and including version 1.1.1, where the org.conroller.js routine could log user secrets. The root cause is logging sensitive data; this has been fixed in commit 46d98f2b, with the fix expected in subsequent releases. Rem...