Lucene search
K

110 matches found

Vulnrichment
Vulnrichment
added 2023/08/30 4:42 p.m.13 views

CVE-2023-4640 Set Logging Level Without Authentication

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

6.5CVSS6.9AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2023/08/30 4:42 p.m.18 views

CVE-2023-4640 Set Logging Level Without Authentication

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...

6.5CVSS5.9AI score0.00329EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.6 views

YugabyteDB 安全漏洞

YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte, Inc. A security vulnerability exists in YugabyteDB Anywhere versions 2.0.0 through 2.17.3, which stems from the controller responsible for setting the logging level does not includ...

7.5CVSS7.5AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.6 views

PT-2023-30002 · Yugabyte · Yugabytedb

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.0.0 through 2.17.3 Description: The issue is related to the lack of authorization checks in the controller responsible for setting the logging level. This controller does not ensure that the user is authenticate...

7.5CVSS7.4AI score0.00329EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/04/24 10:44 p.m.18 views

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...

3.3CVSS6AI score0.00212EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2023/04/24 12:0 a.m.24 views

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...

3.3CVSS6.8AI score0.00212EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/21 7:34 p.m.6 views

CVE-2023-30618 Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...

3.2CVSS3.9AI score0.00212EPSS
Exploits0References2
OSV
OSV
added 2023/04/21 7:34 p.m.21 views

CVE-2023-30618 Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...

3.2CVSS4.3AI score0.00212EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/02/23 3:33 p.m.31 views

OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug...

6.8CVSS6.2AI score0.00633EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/02/23 2:52 p.m.32 views

CVE-2023-0815 Plaintext Password Present in the Web logs

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizo...

6.8CVSS6.7AI score0.00633EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.3 views

SUSE CVE-2007-5342

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...

6.4CVSS7AI score0.05156EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-8565

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

4.7CVSS6.4AI score0.00512EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.5 views

SUSE CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...

4.7CVSS9.3AI score0.00461EPSS
Exploits0References16
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/06 12:0 a.m.43 views

Insertion of Sensitive Information into Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

5.5CVSS1.2AI score0.00512EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/06 12:0 a.m.38 views

Insertion of Sensitive Information into Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

5.5CVSS1.2AI score0.00512EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/03 3:14 p.m.5 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/06/09 3:15 p.m.30 views

CVE-2020-15380

Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...

7.6AI score0.00986EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/14 1:11 p.m.3 views

kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider

A flaw was found in kubernetes. Clusters running on VSphere, using VSphere as a cloud provider a with logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log...

5.5CVSS6.8AI score0.00505EPSS
Exploits0References6
OSV
OSV
added 2020/12/07 10:15 p.m.3 views

DEBIAN-CVE-2020-8566

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...

5.5CVSS6.1AI score0.0052EPSS
Exploits0References1
OSV
OSV
added 2020/12/07 10:15 p.m.33 views

CVE-2020-8565

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

5.5CVSS6.4AI score
Exploits0References2
Rows per page
Query Builder