Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation: There is no fixed version for...
GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...
Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation: Upgrade...
PT-2026-42386
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint
Summary: A vulnerability in the Kong Ingress Controller (KIC) allows the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...
CVE-2024-23194
Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1)...
CVE-2024-23194
CVE-2024-23194 describes an improper output neutralization for logs (CWE-117) in the Gallagher Command Centre API Diagnostics Endpoint. The issue affects Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1). The NVD/NVD-derived data show a local attacker with low privileges and no user inte...
PT-2022-11919 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.0.beta10; Discourse versions prior to 2.7.12. Description: The issue affects Discourse, an open source platform for community discussion, where admin users can trigger a Denial of Service attack via the...
Discourse input validation error vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...
Drobo 5N2 Improper Access Control Vulnerability (CNVD-2019-05929)
The Drobo 5N2 is a network-attached storage (NAS) appliance from Drobo (USA). The device offers data sharing, data backup, remote access and disaster recovery. An access control vulnerability exists in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker can...
CVE-2018-14695
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter...
PT-2018-4011 · D-Link · D-Link DSL-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782, EU version 1.01. Description: The issue concerns a buffer overflow in the diagnostics functionality of the affected device. This allows authenticated remote attackers to execute arbitrary code by sending a long Addr value to...