Lucene search

329 matches found

Prion
added 2022/12/09 2:15 a.m. · 19 views

Information disclosure

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

CVSS 3.3 · AI score 5 · EPSS 0.00461
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/12/09 1:48 a.m. · 11 views

CVE-2022-33187 Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

CVSS 5.5 · AI score 6.9 · EPSS 0.00461
Exploits 0 · References 1

Positive Technologies
added 2022/12/09 12:0 a.m. · 6 views

PT-2022-21729 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.2.1 Description: The issue allows an attacker with admin privilege to read sensitive information, including usernames and encoded passwords, which are logged in debug-enabled logs. Recommendations: For...

CVSS 5.5 · AI score 5 · EPSS 0.00461
Exploits 0 · References 3

CNNVD
added 2022/12/09 12:0 a.m. · 6 views

Broadcom Brocade SANnav log information disclosure vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.2.1, which originates from logging usernames and encoded passwords in debug-enabled logs, and can be exploited by an attacker to read...

CVSS 5.5 · AI score 5.4 · EPSS 0.00461
Exploits 0 · References 2

NVD
added 2022/12/08 10:15 p.m. · 15 views

CVE-2022-23469

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

CVSS 6.5 · EPSS 0.00977
Exploits 1 · References 3

Prion
added 2022/12/08 10:15 p.m. · 29 views

Authorization

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

CVSS 4 · AI score 6.5 · EPSS 0.00977
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2022/12/08 9:33 p.m. · 9 views

CVE-2022-23469 Authorization header displayed in the debug logs

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

CVSS 3.5 · AI score 7 · EPSS 0.00977
Exploits 1 · References 3

CVE
added 2022/12/08 9:33 p.m. · 133 views

CVE-2022-23469

Traefik (open source HTTP reverse proxy/load balancer) prior to version 2.9.6 is vulnerable to leaking credentials via the Authorization header in debug logs. The issue arises when log level is DEBUG, causing credentials sent in Authorization headers to be written to logs. Remediation per the sou...

CVSS 6.5 · AI score 5.2 · EPSS 0.00977
Exploits 1 · References 3 · Affected Software 1

AlpineLinux
added 2022/12/08 9:33 p.m. · 46 views

CVE-2022-23469

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

CVSS 6.5 · AI score 5.3 · EPSS 0.00977
Exploits 1

Cvelist
added 2022/12/08 9:33 p.m. · 25 views

CVE-2022-23469 Authorization header displayed in the debug logs

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

CVSS 3.5 · AI score 6.9 · EPSS 0.00977
Exploits 1 · References 3

OSV
added 2022/12/08 9:33 p.m. · 17 views

CVE-2022-23469 Authorization header displayed in the debug logs

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

CVSS 3.5 · AI score 6.6 · EPSS 0.00977
Exploits 1 · References 5

OSV
added 2022/12/08 4:11 p.m. · 23 views

GHSA-H2PH-VHM7-G4HP Traefik may display authorization header in the debug logs

Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...

CVSS 3.5 · AI score 5 · EPSS 0.00977
Exploits 1 · References 5

Github Security Blog
added 2022/12/08 4:11 p.m. · 109 views

Traefik may display authorization header in the debug logs

Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...

CVSS 6.5 · EPSS 0.00977
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2022/12/08 12:0 a.m. · 4 views

Containous Traefik log information disclosure vulnerability

Containous Traefik is a reverse proxy and load balancer from US-based Containous. A log information disclosure vulnerability exists in versions of Containous Traefik prior to 2.9.6, which stems from the display of an authorization header in its debug logs...

CVSS 6.5 · AI score 6.8 · EPSS 0.00977
Exploits 1 · References 4

Positive Technologies
added 2022/12/08 12:0 a.m. · 9 views

PT-2022-16010 · Traefik +1 · Traefik +1

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.9.6 Description: There is a potential issue in Traefik where the Authorization header is displayed in its debug logs. This occurs when the log level is set to DEBUG, and credentials provided using the Authorization...

CVSS 8.1 · AI score 6.6 · EPSS 0.91969
Exploits 4 · References 38

OSV
added 2022/10/25 5:15 p.m. · 4 views

CVE-2022-33757

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

Prion
added 2022/10/25 5:15 p.m. · 25 views

Design/Logic Flaw

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...

CVSS 4 · AI score 6.1 · EPSS 0.00783
Exploits 0 · References 1 · Affected Software 1

Github Security Blog
added 2022/10/10 9:7 p.m. · 40 views

Exposure of sensitive Slack webhook URLs in debug logs and traces

Impact Debug logs expose sensitive URLs for Slack webhooks that contain private information. Patches The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks. Workarounds Disabling/filtering debug logs in case you use Slack webhooks using tracing log level and filters. References...

CVSS 7.5 · AI score 7.2 · EPSS 0.00657
Exploits 0 · References 7 · Affected Software 1

OSV
added 2022/10/10 9:7 p.m. · 14 views

GHSA-4MJX-2GH5-PH8H Exposure of sensitive Slack webhook URLs in debug logs and traces

Impact Debug logs expose sensitive URLs for Slack webhooks that contain private information. Patches The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks. Workarounds Disabling/filtering debug logs in case you use Slack webhooks using tracing log level and filters. References...

CVSS 7.5 · AI score 7.4 · EPSS 0.00657
Exploits 0 · References 7

NVD
added 2022/10/10 3:15 p.m. · 19 views

CVE-2022-39292

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...

CVSS 7.5 · EPSS 0.00657
Exploits 0 · References 2