236 matches found
CVE-2024-45053
Fides (open‑source privacy engineering platform) is affected by a Server‑Side Template Injection in the Email Templating feature using Jinja2, allowing Remote Code Execution by privileged Admin UI users. Cloaked between versions 2.19.0 and before 2.44.0, the issue arises from insufficient input s...
CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
CVE-2024-45052
Affected software : Fides Webserver authentication (part of the Fides platform). Vulnerability : timing-based username enumeration where an unauthenticated attacker can deduce valid usernames by measuring login response times. Root cause / mechanics : observable timing discrepancy between respons...
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
Ethyca Fides 安全漏洞
Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides version 2.19.0 through versions pri...
Ethyca Fides 安全漏洞
Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...
PT-2024-31404
Name of the Vulnerable Software and Affected Versions Fides versions prior to 2.44.0 Description A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
PT-2024-31405
Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.43.x Description The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...
GHSA-53Q7-4874-24QG Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...
CVE-2024-31223
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
CVE-2024-31223
Fides Privacy Center vulnerability CVE-2024-31223: Versions 2.19.0 through before 2.39.2rc0 expose SERVER_SIDE_FIDES_API_URL to unauthenticated HTTP GET requests, leaking private server configuration (IP addresses, ports, private domains). Root cause: server-side environment variable disclosure t...
CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...
Supply Chain Attack
Fides is vulnerable to Supply Chain Attack. The vulnerability is due to mishandling of client-side script dependencies and the use of a compromised third-party domain like polyfill.io. The vulnerability allows an attacker to serve malicious scripts to users of legacy browsers when they load...
PT-2024-23864
Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.39.2rc0 Description A vulnerability in Fides allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of the SERVER SIDE FIDES API URL server-side...
Fides Security Vulnerabilities
Ethyca Fides is an open source privacy engineering platform from Ethyca that manages the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides versions prior to 2.39.2rc0, which stems from a...