3 matches found
GHSA-PR7J-96CJ-549H Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API. It was discovered that the API response /api/plugins.json and related endpoints unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...
Server-Side Template Injection (SSTI)
getgrav/grav is vulnerable to a Server-Side Template Injection SSTI. The vulnerability is due to improper input handling in form submissions, which allows an attacker to send a crafted POST payload to expose sensitive configuration details, including plugin configurations...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...