Lucene search
+L

284 matches found

NVD
NVD
added 2025/09/03 3:15 p.m.4 views

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.00223EPSS
Exploits0References2
OSV
OSV
added 2025/09/03 3:15 p.m.6 views

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS6.5AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/03 3:2 p.m.3 views

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.1AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 3:2 p.m.10 views

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

0.00223EPSS
Exploits0References1
Chainguard
Chainguard
added 2025/08/30 2:3 p.m.6 views

GHSA-8F82-53H8-2P34 vulnerabilities

Vulnerabilities for packages: vault, splunk-otel-collector, splunk-otel-collector-fips...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:37 a.m.10 views

CVE-2024-32028

OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore the url.full writes attribute/tag on spans Activity when tracing is enabled for outgoing http requests and...

4.1CVSS4.6AI score0.00291EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/17 9:27 p.m.2 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...

5.9CVSS7.1AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/17 9:27 p.m.4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of credentials being passed as parameter values when registering a new user via the OpenTelemetry endpoint. These values may be passed in a cache-to/cache-from configuration a...

5.9CVSS4.5AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2025/03/17 8:15 p.m.9 views

AZL-58854 CVE-2025-0495 affecting package moby-buildx for versions less than 0.7.1-25

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...

4.1CVSS7.1AI score0.0018EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/03/04 8:0 a.m.7 views

An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.

...

7.5CVSS7.9AI score0.01073EPSS
Exploits2
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.7 views

Fluent Bit 安全漏洞

Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit version 3.1.9, which stems from the presence of a null pointer reference in the OpenTelemetry plugin, which can lead to a remote denial of service...

7.5CVSS7.6AI score0.01073EPSS
Exploits2References4
SUSE Linux
SUSE Linux
added 2025/02/14 7:16 a.m.6 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling bsc1232970 Highlights of other changes: Performance: Significant...

9.4CVSS8.1AI score0.04094EPSS
Exploits3References60
BDU FSTEC
BDU FSTEC
added 2024/09/03 12:0 a.m.7 views

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib, relates to the distribution of resources without any restrictions or regulations. This allows a malicious actor to cause service failures.

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the distribution of resources without any restrictions or regulation when adding the net.peer.sock.addr and net.peer.sock.port tags, which have unrestricted...

7.8CVSS7AI score0.01592EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2024/08/13 11:22 p.m.11 views

GO-2024-3066 open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension

open-telemetry has an Observable Timing Discrepancy in github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension...

6.5CVSS6.3AI score0.0062EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/13 6:59 p.m.22 views

open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...

6.5CVSS7AI score0.0062EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:26 p.m.6 views

Malicious code in Be.Vlaanderen.Basisregіsters.OpenTеlemetrу.Elаstic.Apm (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:25 p.m.2 views

Malicious code in Be.Vlaanderеո.Basisregistеrs.OpеnTelemetry (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-24366 · Opentelemetry · Opentelemetry.Instrumentation.Aspnetcore +1

Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Instrumentation.Http versions prior to 1.8.1 OpenTelemetry.Instrumentation.AspNetCore versions prior to 1.8.1 Description: The issue concerns the OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore...

4.1CVSS6.6AI score0.00291EPSS
Exploits0References10
Amazon
Amazon
added 2024/02/05 12:0 a.m.8 views

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.01364EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/01/31 4:41 p.m.2 views

opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics

A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system...

7.5CVSS7.2AI score0.01592EPSS
Exploits0References5
Rows per page
Query Builder