110 matches found
CVE-2023-4640 Set Logging Level Without Authentication
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
CVE-2023-4640 Set Logging Level Without Authentication
The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere:...
YugabyteDB 安全漏洞
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte, Inc. A security vulnerability exists in YugabyteDB Anywhere versions 2.0.0 through 2.17.3, which stems from the controller responsible for setting the logging level does not includ...
PT-2023-30002 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.0.0 through 2.17.3 Description: The issue is related to the lack of authorization checks in the controller responsible for setting the logging level. This controller does not ensure that the user is authenticate...
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...
CVE-2023-30618 Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
CVE-2023-30618 Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug...
CVE-2023-0815 Plaintext Password Present in the Web logs
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizo...
SUSE CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
SUSE CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
SUSE CVE-2020-8564
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...
Insertion of Sensitive Information into Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
Insertion of Sensitive Information into Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2020-15380
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...
kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
A flaw was found in kubernetes. Clusters running on VSphere, using VSphere as a cloud provider a with logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log...
DEBIAN-CVE-2020-8566
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...