Lucene search
K

236 matches found

CVE
CVE
added 2025/09/08 9:11 p.m.29 views

CVE-2025-57815

CVE-2025-57815 (Fides) describes a lack of anti-automation protections on the Admin UI login endpoint prior to version 2.69.1, enabling brute-force style credential testing (credential stuffing/password spraying) against accounts with weak or compromised passwords. Affected product: Fides (Open S...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/08 8:46 p.m.8 views

GHSA-HJFH-P8F5-24WR Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...

8.6CVSS7.1AI score0.00392EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/08 8:45 p.m.21 views

Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Summary The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...

7.5CVSS7AI score0.00406EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/09/08 8:45 p.m.6 views

Brute Force

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...

6.5CVSS7AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/08 8:5 p.m.3 views

Insufficient Session Expiration

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the insufficient session management. The authentication system validates tokens based on their cryptographic integrity and...

6.3CVSS6.6AI score0.00275EPSS
Exploits1References2
OSV
OSV
added 2025/09/08 8:5 p.m.4 views

GHSA-RPW8-82V9-3Q87 Fides' Admin UI User Password Change Does Not Invalidate Current Session

Summary Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...

6.3CVSS6.1AI score0.00275EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.5 views

Fides 安全漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.69.1 that stems from a...

6.5CVSS6.4AI score0.00277EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.4 views

Fides 代码问题漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A code issue vulnerability exists in Fides versions prior to 2.69.1, which stems from a...

6.3CVSS6.8AI score0.00275EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.6 views

Fides 安全漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides versions prior to 2.69.1 that stems from an...

8.6CVSS6.7AI score0.00392EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.4 views

Fides 安全漏洞

Fides is an open source privacy engineering platform open-sourced by Ethyca to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Fides versions prior to 2.69.1, which stems from an I...

7.5CVSS6.3AI score0.00406EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.14 views

PT-2025-36507

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. Admin UI user password changes do not invalidate active user sessions prior to version 2.69.1, creating a vulnerability chaining opportunity...

6.3CVSS5.8AI score0.00275EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.15 views

PT-2025-36510

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly...

8.6CVSS5.9AI score0.00392EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.8 views

PT-2025-36509

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The built-in IP-based rate limiting in the Fides Webserver API is ineffective in environments utilizing CDNs, proxies, or load balancers. The...

7.5CVSS6AI score0.00406EPSS
Exploits0References13
Packet Storm News
Packet Storm News
added 2025/05/29 12:0 a.m.7 views

Securing AI Agents with Information-Flow Control

As AI agents become increasingly autonomous and capable, ensuring their security against vulnerabilities such as prompt injection becomes critical. This paper explores the use of information-flow control IFC to provide security guarantees for AI agents. We present a formal model to reason about t...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.9 views

CVE-2024-45052

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS6.9AI score0.00552EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 7:40 a.m.4 views

CVE-2024-31223

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

5.3CVSS6.5AI score0.01114EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.11 views

CVE-2023-36827

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

7.5CVSS7.1AI score0.01491EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.6 views

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

8.8CVSS7.4AI score0.00837EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.6 views

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

6.1CVSS6.7AI score0.00609EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:37 a.m.9 views

CVE-2024-45053

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

9.1CVSS8.2AI score0.01342EPSS
Exploits1References1
Rows per page
Query Builder