8628 matches found
CVE-2026-9073
A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...
CVE-2026-12112
CVE-2026-12112 affects the foreman-mcp-server MCP Server. The issue is a session management vulnerability where an improper cache of authenticated client connections allows an unauthenticated attacker to hijack active administrative sessions by trusting a non-secret session ID without re-validati...
CVE-2026-10609
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
EUVD-2026-38448
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
CVE-2026-10609
The vulnerability CVE-2026-10609 affects the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, enabling a delegated editor to exfiltrate...
GHSA-WFPW-MMFH-QQ69 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-WJV4-X9W8-WM3H vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-P67V-3W7G-WJG7 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-9CV2-CFXC-V4V2 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-PHWJ-RPRQ-35PP vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-8678-W3JW-XFC2 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-5V8H-3H3Q-446P vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
GHSA-5PRR-V3J2-97MH vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...
SUSE CVE-2026-12725
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...
PT-2026-51592
Name of the Vulnerable Software and Affected Versions: foreman-mcp-server (affected versions not specified). Description: Two distinct logging mechanisms in the software can expose sensitive session and authentication data. One mechanism logs session identifiers, which function as authentication...
PT-2026-51588
Name of the Vulnerable Software and Affected Versions: foreman-mcp-server (affected versions not specified); Red Hat Satellite (affected versions not specified). Description: A session management issue in the MCP Server allows unauthenticated attackers to hijack active administrative sessions. This occur...