Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. This vulnerability allow...

CVE-2024-31223

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

CVE-2024-31223 Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL

Fides is an open-source privacy engineering platform, and SERVERSIDEFIDESAPIURL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address,...

PT-2024-23864

Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.39.2rc0 Description A vulnerability in Fides allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of the SERVER SIDE FIDES API URL server-side...

tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

PT-2023-18088 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue allows a secondary user to control private DNS settings due to a permissions bypass in the Settings application. This could lead to local information disclosure without...

Security Bulletin: A Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3789)

Summary A security vulnerability affects Cloud Foundry for IBM Cloud Private Vulnerability Details CVEID: CVE-2019-3789 DESCRIPTION: Cloud Foundry Routing Release could allow a remote authenticated attacker to bypass security restrictions, caused by improper authenticity validation of a private...

CVE-2019-3789

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...

CVE-2019-3789

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...

Design/Logic Flaw

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...

CVE-2019-3789: Gorouter allows space developer to hijack route services hosted outside the platform | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions CF Routing All versions prior to 0.188.0 Description Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the...

USN-3164-1 exim4 vulnerability

Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files...