Lucene search
K

236 matches found

CVE
CVE
added 2024/09/04 4:4 p.m.54 views

CVE-2024-45053

Fides (open‑source privacy engineering platform) is affected by a Server‑Side Template Injection in the Email Templating feature using Jinja2, allowing Remote Code Execution by privileged Admin UI users. Cloaked between versions 2.19.0 and before 2.44.0, the issue arises from insufficient input s...

9.1CVSS8.8AI score0.01342EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/09/04 4:4 p.m.49 views

CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS0.01342EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/04 3:43 p.m.15 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS7.2AI score0.00552EPSS
Exploits1References2
CVE
CVE
added 2024/09/04 3:43 p.m.57 views

CVE-2024-45052

Affected software : Fides Webserver authentication (part of the Fides platform). Vulnerability : timing-based username enumeration where an unauthenticated attacker can deduce valid usernames by measuring login response times. Root cause / mechanics : observable timing discrepancy between respons...

5.3CVSS5.3AI score0.00552EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/04 3:43 p.m.28 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS6.9AI score0.00552EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/09/04 3:43 p.m.49 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS0.00552EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.3 views

Ethyca Fides 安全漏洞

Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides version 2.19.0 through versions pri...

9.1CVSS6.6AI score0.01342EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.5 views

Ethyca Fides 安全漏洞

Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...

5.3CVSS6.3AI score0.00552EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.6 views

PT-2024-31404

Name of the Vulnerable Software and Affected Versions Fides versions prior to 2.44.0 Description A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS5.9AI score0.00552EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-31405

Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.43.x Description The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS6.5AI score0.01342EPSS
Exploits1References15
OSV
OSV
added 2024/07/05 8:40 p.m.21 views

GHSA-53Q7-4874-24QG Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...

5.3CVSS5.2AI score0.01114EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/07/05 8:40 p.m.40 views

Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...

5.3CVSS6.6AI score0.01114EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/07/03 6:15 p.m.21 views

CVE-2024-31223

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

5.3CVSS0.01114EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/07/03 5:34 p.m.15 views

CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

5.3CVSS6.5AI score0.01114EPSS
Exploits1References2
CVE
CVE
added 2024/07/03 5:34 p.m.62 views

CVE-2024-31223

Fides Privacy Center vulnerability CVE-2024-31223: Versions 2.19.0 through before 2.39.2rc0 expose SERVER_SIDE_FIDES_API_URL to unauthenticated HTTP GET requests, leaking private server configuration (IP addresses, ports, private domains). Root cause: server-side environment variable disclosure t...

5.3CVSS5.1AI score0.01114EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/07/03 5:34 p.m.37 views

CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

5.3CVSS0.01114EPSS
Exploits1References2
OSV
OSV
added 2024/07/03 5:34 p.m.25 views

CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

5.3CVSS6.3AI score0.01114EPSS
Exploits1References4
Veracode
Veracode
added 2024/07/03 3:45 p.m.20 views

Supply Chain Attack

Fides is vulnerable to Supply Chain Attack. The vulnerability is due to mishandling of client-side script dependencies and the use of a compromised third-party domain like polyfill.io. The vulnerability allows an attacker to serve malicious scripts to users of legacy browsers when they load...

6.5AI score0.01427EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.4 views

PT-2024-23864

Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.39.2rc0 Description A vulnerability in Fides allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of the SERVER SIDE FIDES API URL server-side...

5.3CVSS6.2AI score0.01114EPSS
Exploits1References14
CNNVD
CNNVD
added 2024/07/03 12:0 a.m.5 views

Fides Security Vulnerabilities

Ethyca Fides is an open source privacy engineering platform from Ethyca that manages the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides versions prior to 2.39.2rc0, which stems from a...

5.3CVSS6.5AI score0.01114EPSS
Exploits1References3
Rows per page
Query Builder