Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.7 views

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

6.5CVSS6.7AI score0.0063EPSS
Exploits0
NVD
NVD
added 2024/11/21 11:15 a.m.45 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

9.1CVSS0.05165EPSS
Exploits3References3
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.3 views

InfluxData InfluxDB 安全漏洞

InfluxData InfluxDB is a Go-based development of temporal databases from InfluxData, USA. A security vulnerability exists in InfluxData InfluxDB version 2.7.10 and earlier, which stems from a vulnerability that allows an allAccess administrator to retrieve all raw tokens via the influx auth ls...

9.1CVSS8.7AI score0.05165EPSS
Exploits3References5
CVE
CVE
added 2024/11/21 12:0 a.m.134 views

CVE-2024-30896

CVE-2024-30896 affects InfluxDB OSS 2.x up to 2.7.11, where the administrative operator token is stored under the default organization. This allows authorized users with read access to the default organization’s authorization resource to retrieve the operator token, enabling potential privilege e...

9.1CVSS8.4AI score0.05165EPSS
Exploits3References3
Cvelist
Cvelist
added 2024/11/21 12:0 a.m.59 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

0.05165EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2024/11/21 12:0 a.m.11 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

8.4AI score0.05165EPSS
Exploits3References3
NVD
NVD
added 2023/11/24 6:15 p.m.38 views

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

6.5CVSS0.0063EPSS
Exploits0References3
OSV
OSV
added 2023/11/24 5:16 p.m.31 views

CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

5CVSS6.5AI score0.0063EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/11/23 12:28 a.m.28 views

Insertion of Sensitive Information into Log

Impact If successful login attempts are recorded, the raw tokens are stored in the log table. If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user's authority. When you 1 use the following...

6.5CVSS6.8AI score0.0063EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/11/23 12:28 a.m.25 views

GHSA-J72F-H752-MX4W Insertion of Sensitive Information into Log

Impact If successful login attempts are recorded, the raw tokens are stored in the log table. If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user's authority. When you 1 use the following...

5CVSS6.3AI score0.0063EPSS
Exploits0References5
Rows per page
Query Builder