Lucene search
K

3 matches found

BDU FSTEC
BDU FSTEC
added 2023/04/27 12:0 a.m.5 views

The vulnerability of the SpiceDB database, related to deficiencies in the error reporting mechanism, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the SpiceDB database is related to deficiencies in the mechanism for generating error reports when processing the /debug/pprof/cmdline command with the --grpc-preshared-key parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

8.7CVSS7.2AI score0.00762EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2023/04/19 4:35 p.m.32 views

Information Disclosure

github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability exists in the MetricsHandler function in defaults.go because it exposes the --grpc-preshared-key flag in the spicedb serve command which allows an attacker to gain access to the secret key and preform unauthoriz...

8.7CVSS7.5AI score0.00762EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/14 7:1 p.m.13 views

CVE-2023-29193 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...

8.7CVSS8.8AI score0.00762EPSS
Exploits0References3
Rows per page
Query Builder