321 matches found
santuario: Private Key disclosure in debug-log output
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
DEBIAN-CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...
CVE-2024-1141
CVE-2024-1141 concerns the python-glance-store library, where logging the access_key occurs when DEBUG is enabled. Multiple sources (Red Hat RHSA-2024:2732, USN-6630-1, OSSV references, and related Nessus plugins) confirm the issue and link it to Glance_store’s handling of sensitive data in logs,...
PT-2024-16967 · Unknown +3 · Python-Glance-Store +3
Name of the Vulnerable Software and Affected Versions: python-glance-store (affected versions not specified). Description: A vulnerability was found in python-glance-store. The issue occurs when the package logs the access key for the glance-store when the DEBUG log level is enabled. Recommendations...
python-glance-store security vulnerability
python-glance-store is an open source library from PyPI. A security vulnerability exists in python-glance-store that originates from storing access keys with DEBUG logging...
Important: java-1.8.0-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary Java code from the JavaScript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
PT-2023-31410 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.17.16; Elasticsearch versions prior to 8.11.2. Description: An issue was discovered whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents...
SUSE CVE-2023-46675
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
CVE-2023-46675
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
CVE-2023-49922
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in their own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
Elasticsearch 8.11.2, 7.17.16 Security Update (ESA-2023-29)
Elasticsearch Insertion of Sensitive Information into Log File (ESA-2023-29): An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has...
Elastic Security Breach
Elastic is an open source, distributed RESTful search engine built on Lucene, from the Netherlands-based company Elastic. The product is mainly used in cloud computing, and supports data indexing via HTTP using JSON. A security vulnerability exists in Elastic versions 7.0.0 through 7.17.16 and 8.0.0...
PT-2023-8930 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2. Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...
PT-2023-8433 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.10; Nextcloud Server versions 26.0.0 through 26.0.5; Nextcloud Server versions 27.0.0 through 27.0.0 prior to 27.1.0; Nextcloud Enterprise Server versions 25.0.0 through 25.0.10; Nextcloud Enterprise...
Design/Logic Flaw
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...
PT-2023-16268 · Mongodb · Mongodb Atlas Kubernetes Operator
Name of the Vulnerable Software and Affected Versions: MongoDB Atlas Kubernetes Operator versions 1.5.0 through 1.7.0. Description: The issue affects MongoDB Atlas Kubernetes Operator, causing it to print sensitive information like GCP service account keys and API integration secrets when DEBUG mo...
CVE-2023-46668
If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...
GHSA-XFRJ-6VVC-3XM2 Apache Santuario - XML Security for Java are vulnerable to private key disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
DEBIAN-CVE-2023-44483
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
Endpoint v8.10.4 Security Update
Elastic Endpoint Insertion of Sensitive Information into Log File (ESA-2023-21): If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to...