Lucene search
K

110 matches found

Cvelist
Cvelist
added 2024/10/14 5:3 p.m.36 views

CVE-2024-45738 Sensitive information disclosure in REST_Calls logging channel

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the internal index. This exposure could happen if you configure the Splunk Enterprise RESTCalls log channel at the DEBUG logging level...

4.9CVSS0.00488EPSS
Exploits0References2
Elastic
Elastic
added 2024/08/08 11:33 p.m.12 views

Elastic Agent 8.15.0 Security Update (ESA-2024-23)

Elastic Agent Insertion of Sensitive Information into Log File ESA-2024-23 An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs. Affecte...

6.5CVSS6.9AI score0.00563EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/24 8:2 p.m.22 views

Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

5.5CVSS7AI score0.00505EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/18 7:50 p.m.15 views

CVE-2024-32474 Sentry's superuser cleartext password leaked in logs

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validatesuperuser. An attacker with access to the log data could use...

7.3CVSS6.9AI score0.00428EPSS
Exploits0References4
CVE
CVE
added 2024/04/18 7:50 p.m.77 views

CVE-2024-32474

Sentry vulnerability CVE-2024-32474: Before 24.4.1, authenticating as a superuser with a username and password leaks the password in logs under the event event : auth-index.validate_superuser. An attacker with access to the log data could use these credentials to log in as superuser. Affected are...

7.3CVSS6.8AI score0.00428EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/04/18 7:50 p.m.22 views

CVE-2024-32474 Sentry's superuser cleartext password leaked in logs

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validatesuperuser. An attacker with access to the log data could use...

7.3CVSS6.7AI score0.00428EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.5 views

PT-2024-24600

Name of the Vulnerable Software and Affected Versions Sentry versions prior to 24.4.1 Description Sentry is an error tracking and performance monitoring platform. When authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event...

7.3CVSS6AI score0.00428EPSS
Exploits0References17
OSV
OSV
added 2024/03/27 5:15 p.m.4 views

CVE-2024-29945

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at...

7.2CVSS5.7AI score0.00942EPSS
Exploits0References2
CNVD
CNVD
added 2024/03/14 12:0 a.m.7 views

Apache Pulsar Access Control Error Vulnerability (CNVD-2024-14758)

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

8.2CVSS6.8AI score0.01765EPSS
Exploits0References1
OSV
OSV
added 2024/03/12 9:30 p.m.1 views

GHSA-C35H-W8HJ-MM55 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2CVSS5.8AI score0.01765EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/03/12 8:40 p.m.21 views

CVE-2022-34321

A flaw was found in Apache Pulsar. Due to missing authentication checking, unauthenticated users can connect to the /proxy-stats endpoint. This endpoint exposes confidential information about the deployment and may allow the attacker to increase the logging level. As a result, the attacker may ha...

8.2CVSS8.1AI score0.01765EPSS
Exploits0References4
OSV
OSV
added 2024/03/12 6:17 p.m.4 views

CVE-2022-34321 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2CVSS7.1AI score0.01765EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.5 views

PT-2024-2610 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.6.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.2 Apache Pulsar versions 3.0.0 through 3.0.1 Apache Pulsar version 3.1.0 Description: The issue is related to an improper authentication vulnerability in t...

8.5CVSS7.1AI score0.01765EPSS
Exploits0References13
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.3 views

Apache Pulsar 访问控制错误漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

8.2CVSS7AI score0.01765EPSS
Exploits0References5
CVE
CVE
added 2023/10/25 11:59 p.m.63 views

CVE-2023-46668

CVE-2023-46668 affects Elastic Endpoint versions 7.9.0 through 8.10.3. When Endpoint is configured with a non-default option that enables debug logging and Elastic Agent is also configured to collect and ship those logs to Elasticsearch, API keys used by Elastic Agent can be viewed in Elasticsear...

9.1CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.3 views

Mattermost Log Information Disclosure Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost Desktop that stems from an inability to set the appropriate logging level during the initial runtime installation, resulting in logging of all keystrokes,...

5.5CVSS6.9AI score0.00144EPSS
Exploits0References2
NVD
NVD
added 2023/08/30 5:15 p.m.19 views

CVE-2023-4640

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

7.5CVSS6.7AI score0.00329EPSS
Exploits0References1
Prion
Prion
added 2023/08/30 5:15 p.m.15 views

Authorization

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

5CVSS7.5AI score0.00329EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/08/30 4:42 p.m.17 views

CVE-2023-4640 Set Logging Level Without Authentication

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

6.5CVSS5.9AI score0.00329EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/08/30 4:42 p.m.12 views

CVE-2023-4640 Set Logging Level Without Authentication

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

6.5CVSS6.9AI score0.00329EPSS
Exploits0References1
Rows per page
Query Builder