Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 4:53 p.m.8 views

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 4:53 p.m.22 views

CVE-2026-45581

CVE-2026-45581 affects fabric-chaincode-java (Hyperledger Fabric chaincode runtime). In versions 2.3.1 through 2.5.09, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server’s INFO logs include the TLS private key password in plaintext, enabling an attacker with log a...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:53 p.m.7 views

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Hyperledger Fabric Chaincode Java 日志信息泄露漏洞

Hyperledger Fabric Chaincode Java is an open-source Java-based smart contract development framework developed by the Hyperledger project. In versions 2.3.1 to 2.5.10 of Hyperledger Fabric Chaincode Java, there was a vulnerability involving log information leakage. This vulnerability occurred when...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 3:40 p.m.7 views

GHSA-WG5X-3G47-V38R fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5656

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01374EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 6:57 a.m.14 views

CVE-2018-1999036

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...

6.5CVSS6.3AI score0.01374EPSS
Exploits0References1
Prion
Prion
added 2019/07/09 9:15 p.m.14 views

Code injection

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign and encrypt arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows ...

6.4CVSS6.5AI score0.0089EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2018/03/27 12:0 a.m.3 views

Jenkins Coverity Plugin Information Disclosure Vulnerability

Jenkins is an open source software project , is based on Java development of a continuous integration tool . A security vulnerability exists in the CIMInstance.java file in Jenkins Coverity Plugin 1.10.0 and earlier versions, which stems from the program storing passwords in plaintext. An attacke...

7.8CVSS6.8AI score0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/13 1:0 p.m.28 views

CVE-2018-1000104

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...

7.6AI score0.00344EPSS
Exploits0References1
0day.today
0day.today
added 2017/12/29 12:0 a.m.51 views

HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...

6.6AI score
Exploits0
Rows per page
Query Builder