Paid Memberships Pro < 2.12.7 - Information Exposure in Debug Logs
Description: The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.12.6 via debug logs. This makes it possible for unauthenticated attackers to extract sensitive data including user passwords through debug logs...
USN-6662-1 openjdk-21 vulnerabilities
Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot...
PT-2024-15242 · WordPress · Backup Bolt
Name of the Vulnerable Software and Affected Versions: Backup Bolt WordPress plugin versions 1.3.0 and earlier Description: The issue allows unauthenticated attackers to access debug logs, potentially exposing sensitive information such as system errors. This could lead to information exposure,...
Backup Bolt < 1.4.0 - Sensitive Data Exposure
Description: The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log, which may contain information like system errors which could contain sensitive information. PoC: Access the error lo...
santuario: Private Key disclosure in debug-log output
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...
SUSE CVE-2024-23840
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. The `goreleaser release --debug` log shows secret values used in the custom publisher. This vulnerability is fixed in 1.24.0...
Sensitive Information Into Log File
github.com/goreleaser/goreleaser is vulnerable to Information Exposure. The vulnerability is due to a flaw in the handling of debug logs: `WithField("env", c.Env)`, which is used to log environment variables. The `goreleaser release --debug` command includes sensitive information such as secrets or...
`goreleaser release --debug` shows secrets
Summary: Hello 👋 `goreleaser release --debug` log shows secret values used in the custom publisher. How to reproduce the issue: - Define a custom publisher as the one below. Make sure to provide a custom script to the cmd field and to provide a secret to env .goreleaser.yml publishers: - name...
Debug Log Manager < 2.2.2 - Debug Log Clearing via CSRF
Description: The plugin does not have CSRF checks when clearing debug logs, which could allow attackers to make logged-in admins perform such action via a CSRF attack...
EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure
Description: The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, file...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability (CWE-532) in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
UBUNTU-CVE-2023-44483
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
CVE-2023-41263
An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information...