329 matches found

CNNVD
added 2022/07/22 12:0 a.m. · 5 views

Slack Morphism security vulnerability

Slack Morphism is a modern asynchronous client library for Rust with support for Slack Web/Events API/Socket Mode and Block Kit. An information disclosure vulnerability exists in Slack Morphism versions prior to 0.41.0, which stems from the potential disclosure of Slack OAuth client information i...

CVSS 7.5 · AI score 5.6 · EPSS 0.00739
Exploits 0 · References 3

Cvelist
added 2022/07/21 1:20 p.m. · 28 views

CVE-2022-31162 Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

CVSS 7.5 · AI score 7.5 · EPSS 0.00739
Exploits 0 · References 2

CVE
added 2022/07/21 1:20 p.m. · 449 views

CVE-2022-31162

CVE-2022-31162 affects Slack Morphism (Rust) prior to 0.41.0. The root issue was overly verbose debug formatting that could cause Slack OAuth client information to leak into application logs. Exploitation guidance is not provided in the documents; however, various sources confirm an information d...

CVSS 7.5 · AI score 7.2 · EPSS 0.00739
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/07/20 1:30 a.m. · 21 views

GHSA-99J7-MHFH-W84P Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs

Impact: Potential/accidental leaking of Slack OAuth client information in application debug logs. Patches: More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information in application logs. Workarounds: Don't...

CVSS 7.5 · AI score 7.3 · EPSS 0.00739
Exploits 0 · References 7

Github Security Blog
added 2022/07/20 1:30 a.m. · 35 views

Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs

Impact: Potential/accidental leaking of Slack OAuth client information in application debug logs. Patches: More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information in application logs. Workarounds: Don't...

CVSS 7.5 · AI score 7.2 · EPSS 0.00739
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2022/07/20 12:0 a.m. · 4 views

PT-2022-20577 · Slack · Slack Morphism

Name of the Vulnerable Software and Affected Versions: Slack Morphism versions prior to 0.41.0
Description: The issue concerns the potential leakage of Slack OAuth client information into application debug logs due to insecure debug log formatting. This could lead to the accidental exposure of...

CVSS 7.5 · AI score 7.3 · EPSS 0.00739
Exploits 0 · References 11

OSV
added 2022/05/17 3:46 a.m. · 29 views

GHSA-RP9P-863F-9C4H Cross-site Scripting in Apache ActiveMQ

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

CVSS 4.3 · AI score 8.1 · EPSS 0.06018
Exploits 1 · References 9

OSV
added 2022/05/17 1:59 a.m. · 4 views

GHSA-CXM4-7QCW-267R salt password information leaked in debug logs

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...

CVSS 9.8 · AI score 9.3 · EPSS 0.0222
Exploits 0 · References 9

Github Security Blog
added 2022/05/17 1:59 a.m. · 17 views

salt password information leaked in debug logs

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...

CVSS 9.8 · AI score 6.6 · EPSS 0.0222
Exploits 0 · References 9 · Affected Software 1

Tenable Nessus
added 2022/04/07 12:0 a.m. · 29 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : oslo.utils vulnerability (USN-5369-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5369-1 advisory. It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...

CVSS 4.9 · AI score 5.9 · EPSS 0.01335
Exploits 1 · References 2

RedHat Linux
added 2022/03/23 10:12 p.m. · 1 views

python-oslo-utils: incorrect password masking in debug output

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

CVSS 4.9 · AI score 5.7 · EPSS 0.01335
Exploits 1 · References 4

UbuntuCve
added 2022/03/23 12:0 a.m. · 22 views

CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...

CVSS 4.9 · AI score 6.2 · EPSS 0.01335
Exploits 1 · References 3

Positive Technologies
added 2022/03/23 12:0 a.m. · 2 views

PT-2022-13384 · Openstack +4 · Python-Oslo-Utils +4

Name of the Vulnerable Software and Affected Versions: python-oslo-utils (affected versions not specified)
Description: A flaw was found in python-oslo-utils due to improper parsing. Passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password afte...

CVSS 6.9 · AI score 7 · EPSS 0.01335
Exploits 1 · References 35

WPVulnDB
added 2022/02/28 12:0 a.m. · 56 views

Unauthorised AJAX Calls via Freemius

Description: The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged in...

AI score 7
Exploits 0

wpexploit
added 2022/02/28 12:0 a.m. · 404 views

Unauthorised AJAX Calls via Freemius

Description: The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged in...

AI score 7.2
Exploits 0

WPVulnDB
added 2022/02/28 12:0 a.m. · 72 views

Unauthorised AJAX Calls via Freemius

Description: The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged in...

AI score 7
Exploits 0

wpexploit
added 2022/02/28 12:0 a.m. · 2325 views

Unauthorised AJAX Calls via Freemius

Description: The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged in...

AI score 7.2
Exploits 0

Citrix
added 2021/12/15 12:0 a.m. · 9 views

Diagnostic data to collect for Citrix Tech Support when a Citrix Browser App fails to launch

To find out what is going wrong when a Citrix browser app fails to launch, tech support needs: Decrypted Fiddler traces, the output from the terminal window, and Citrix Browser debug logs...

AI score 7
Exploits 0

NVD
added 2021/11/02 12:15 p.m. · 11 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

CVSS 7.5 · EPSS 0.00588
Exploits 0 · References 2

OSV
added 2021/11/02 12:15 p.m. · 2 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

CVSS 7.5 · AI score 7.1 · EPSS 0.00588
Exploits 0 · References 2