Slack Morphism Security Vulnerability
Slack Morphism is a modern asynchronous client library for Rust with support for Slack Web/Events API/Socket Mode and Block Kit. An information disclosure vulnerability exists in Slack Morphism versions prior to 0.41.0, which stems from the potential disclosure of Slack OAuth client information i...
CVE-2022-31162 Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...
CVE-2022-31162
CVE-2022-31162 affects Slack Morphism (Rust) prior to 0.41.0. The root issue was overly verbose debug formatting that could cause Slack OAuth client information to leak into application logs. Exploitation guidance is not provided in the documents; however, various sources confirm an information d...
GHSA-99J7-MHFH-W84P Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
Impact Potential/accidental leaking of Slack OAuth client information in application debug logs. Patches More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information in application logs. Workarounds Don't...
PT-2022-20577 · Slack · Slack Morphism
Name of the Vulnerable Software and Affected Versions: Slack Morphism versions prior to 0.41.0 Description: The issue concerns the potential leakage of Slack OAuth client information into application debug logs due to insecure debug log formatting. This could lead to the accidental exposure of...
GHSA-RP9P-863F-9C4H Cross-site Scripting in Apache ActiveMQ
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...
GHSA-CXM4-7QCW-267R salt password information leaked in debug logs
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : oslo.utils vulnerability (USN-5369-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5369-1 advisory. It was discovered that oslo.utils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...
python-oslo-utils: incorrect password masking in debug output
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext...
PT-2022-13384 · Openstack +4 · Python-Oslo-Utils +4
Name of the Vulnerable Software and Affected Versions: python-oslo-utils affected versions not specified Description: A flaw was found in python-oslo-utils due to improper parsing. Passwords with a double quote " in them cause incorrect masking in debug logs, causing any part of the password afte...
Unauthorised AJAX Calls via Freemius
Description The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged in...
Diagnostic data to collect for Citrix Tech Support when a Citrix Browser App fails to launch
To find out what is going wrong when a Citrix browser app fails to launch, tech support needs: decrypted Fiddler traces, the output from the terminal window, and Citrix Browser debug logs...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...