CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

OSV•added 2024/08/21 3:11 p.m.•8 views

GO-2022-0491 Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users in github.com/edgexfoundry/app-functions-sdk-go...

5.9CVSS4.8AI score0.00161EPSS

Exploits0References4

OSV•added 2022/06/17 1:11 a.m.•23 views

GHSA-G63H-Q855-VP3Q Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message b...

5.9CVSS5.1AI score0.00161EPSS

Exploits0References5

Github Security Blog•added 2022/06/17 1:11 a.m.•83 views

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users

5.9CVSS5.1AI score0.00161EPSS

Exploits0References5Affected Software2

Cvelist•added 2022/06/14 9:55 p.m.•12 views

CVE-2022-31066 Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to...

5.9CVSS6AI score0.00161EPSS

Exploits0References3

Positive Technologies•added 2022/06/14 12:0 a.m.•3 views

PT-2022-3231 · Unknown · Edgexfoundry

Name of the Vulnerable Software and Affected Versions: EdgeXFoundry versions prior to 2.1.1 Description: The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users, bypassing access controls on message bus credentials when running in security-enabled mode. This...

5.9CVSS6.9AI score0.00161EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by