329 matches found
Information disclosure
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...
CVE-2022-33187 Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...
PT-2022-21729 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.2.1 Description: The issue allows an attacker with admin privilege to read sensitive information, including usernames and encoded passwords, which are logged in debug-enabled logs. Recommendations: For...
Broadcom Brocade SANnav Log Information Disclosure Vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.2.1, which originates from logging usernames and encoded passwords in debug-enabled logs, and can be exploited by an attacker to read...
CVE-2022-23469
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
Authorization
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
CVE-2022-23469 Authorization header displayed in the debug logs
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
CVE-2022-23469
Traefik (open source HTTP reverse proxy/load balancer) prior to version 2.9.6 is vulnerable to leaking credentials via the Authorization header in debug logs. The issue arises when log level is DEBUG, causing credentials sent in Authorization headers to be written to logs. Remediation per the sou...
CVE-2022-23469
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
CVE-2022-23469 Authorization header displayed in the debug logs
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
CVE-2022-23469 Authorization header displayed in the debug logs
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...
GHSA-H2PH-VHM7-G4HP Traefik may display authorization header in the debug logs
Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...
Traefik may display authorization header in the debug logs
Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...
Containous Traefik Log Information Disclosure Vulnerability
Containous Traefik is a reverse proxy and load balancer from US-based Containous. A log information disclosure vulnerability exists in versions of Containous Traefik prior to 2.9.6, which stems from the display of an authorization header in its debug logs...
PT-2022-16010 · Traefik +1 · Traefik +1
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.9.6 Description: There is a potential issue in Traefik where the Authorization header is displayed in its debug logs. This occurs when the log level is set to DEBUG, and credentials provided using the Authorization...
CVE-2022-33757
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...
Design/Logic Flaw
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...
Exposure of sensitive Slack webhook URLs in debug logs and traces
Impact Debug logs expose sensitive URLs for Slack webhooks that contain private information. Patches The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks. Workarounds Disabling/filtering debug logs in case you use Slack webhooks using tracing log level and filters. References...
GHSA-4MJX-2GH5-PH8H Exposure of sensitive Slack webhook URLs in debug logs and traces
Impact Debug logs expose sensitive URLs for Slack webhooks that contain private information. Patches The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks. Workarounds Disabling/filtering debug logs in case you use Slack webhooks using tracing log level and filters. References...
CVE-2022-39292
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...