12 matches found
CVE-2026-45581
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...
CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...
CVE-2026-45581
CVE-2026-45581 affects fabric-chaincode-java (Hyperledger Fabric chaincode runtime). In versions 2.3.1 through 2.5.09, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server’s INFO logs include the TLS private key password in plaintext, enabling an attacker with log a...
CVE-2026-45581
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...
Hyperledger Fabric Chaincode Java 日志信息泄露漏洞
Hyperledger Fabric Chaincode Java is an open-source Java-based smart contract development framework developed by the Hyperledger project. In versions 2.3.1 to 2.5.10 of Hyperledger Fabric Chaincode Java, there was a vulnerability involving log information leakage. This vulnerability occurred when...
GHSA-WG5X-3G47-V38R fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...
EUVD-2022-5656
Malicious code in bioql PyPI...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
Code injection
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign and encrypt arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows ...
Jenkins Coverity Plugin Information Disclosure Vulnerability
Jenkins is an open source software project , is based on Java development of a continuous integration tool . A security vulnerability exists in the CIMInstance.java file in Jenkins Coverity Plugin 1.10.0 and earlier versions, which stems from the program storing passwords in plaintext. An attacke...
CVE-2018-1000104
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...
HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions Vulnerability
HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure. / Exploit Title: HP Insight...