110 matches found
CVE-2024-45738 Sensitive information disclosure in REST_Calls logging channel
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the internal index. This exposure could happen if you configure the Splunk Enterprise RESTCalls log channel at the DEBUG logging level...
Elastic Agent 8.15.0 Security Update (ESA-2024-23)
Elastic Agent Insertion of Sensitive Information into Log File ESA-2024-23 An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs. Affecte...
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
CVE-2024-32474 Sentry's superuser cleartext password leaked in logs
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validatesuperuser. An attacker with access to the log data could use...
CVE-2024-32474
Sentry vulnerability CVE-2024-32474: Before 24.4.1, authenticating as a superuser with a username and password leaks the password in logs under the event event : auth-index.validate_superuser. An attacker with access to the log data could use these credentials to log in as superuser. Affected are...
CVE-2024-32474 Sentry's superuser cleartext password leaked in logs
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validatesuperuser. An attacker with access to the log data could use...
PT-2024-24600
Name of the Vulnerable Software and Affected Versions Sentry versions prior to 24.4.1 Description Sentry is an error tracking and performance monitoring platform. When authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event...
CVE-2024-29945
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at...
Apache Pulsar Access Control Error Vulnerability (CNVD-2024-14758)
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...
GHSA-C35H-W8HJ-MM55 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...
CVE-2022-34321
A flaw was found in Apache Pulsar. Due to missing authentication checking, unauthenticated users can connect to the /proxy-stats endpoint. This endpoint exposes confidential information about the deployment and may allow the attacker to increase the logging level. As a result, the attacker may ha...
CVE-2022-34321 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...
PT-2024-2610 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.6.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.2 Apache Pulsar versions 3.0.0 through 3.0.1 Apache Pulsar version 3.1.0 Description: The issue is related to an improper authentication vulnerability in t...
Apache Pulsar 访问控制错误漏洞
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...
CVE-2023-46668
CVE-2023-46668 affects Elastic Endpoint versions 7.9.0 through 8.10.3. When Endpoint is configured with a non-default option that enables debug logging and Elastic Agent is also configured to collect and ship those logs to Elasticsearch, API keys used by Elastic Agent can be viewed in Elasticsear...
Mattermost Log Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost Desktop that stems from an inability to set the appropriate logging level during the initial runtime installation, resulting in logging of all keystrokes,...
CVE-2023-4640
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
Authorization
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
CVE-2023-4640 Set Logging Level Without Authentication
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
CVE-2023-4640 Set Logging Level Without Authentication
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...