6 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-28377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users t...
CVE-2026-28377
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
CVE-2026-28377
The CVE-2026-28377 issue affects Grafana Tempo (tempo package) where the /status/config endpoint exposes the S3 SSE-C encryption key in plaintext, enabling unauthorized access to the key used for tracing data stored in S3. Affected component/file: the Tempo S3 backend (tempodb/backend/s3) as desc...
CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint
Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...
CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint
Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...
CVE-2025-67732
Dify (open-source LLM app platform) prior to v1.11.0 exposes API keys in plaintext to the frontend, allowing non-administrator users to view and reuse them. This can enable unauthorized access to third‑party services and potential quota abuse. A fix is available in v1.11.0 or later.