com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=5.2.0), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=5.1.2) +3 more potentially affected by CVE-2023-41041 via org.graylog2:graylog2-server (>=5.1.0 <=5.1.2)

org.graylog2:graylog2-server MAVEN version =5.1.0, =5.1.0, =5.1.0, =5.1.13 Source cves: CVE-2023-41041 Source advisory: OSV:GHSA-3FQM-FRHG-7C85...

com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (=1.0.0), com.airbus-cyber-security.graylog:graylog-plugin-logging-alert (>=1.0.0 <=1.0.1) +8 more potentially affected by CVE-2018-11651 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=2.4.3)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.0.0, =1.0.2, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2018-11651 Source advisory: OSV:GHSA-435G-R2M8-GJVM...

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.0.0 <=5.2.1) +43 more potentially affected by CVE-2021-38153 via org.apache.kafka:kafka_2.13 (>=2.7.0 <=2.7.1)

org.apache.kafka:kafka2.13 MAVEN version =2.7.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =1.10, =2.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.2.1, =4.0.7 - io.github.embeddedkafka:embedded-kafka-connect2.13 =2.7.0 and more Source cves: CVE-2021-38153 Source advisory: OSV:GHSA-3J6G-HXX5-3Q26...

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

PYSEC-2019-74

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

PT-2019-11763 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.26 and earlier Description: The issue arises from an incomplete fix that did not properly apply masking to some values expected to be hidden when logging the configuration being applied. This...