1287 matches found
CVE-2026-62147
CVE-2026-62147 affects the Tempo Operator, specifically its gateway component. When query RBAC is enabled, the gateway fails to consistently apply namespace-scoped redaction on certain query API response paths, allowing an authenticated user to read span attributes belonging to other tenants’ nam...
CVE-2026-62147
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...
PT-2026-57809
Name of the Vulnerable Software and Affected Versions Tempo Operator affected versions not specified Description The gateway component fails to consistently apply namespace-scoped redaction on certain query API response paths when query RBAC Role-Based Access Control is enabled. This allows an...
CVE-2026-48828
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...
CVE-2026-48828 Apache Airflow: Bulk JSON Variables bypass should_hide_value_for_key - redact() called without the key
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...
EUVD-2026-42028
The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...
Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.1 release
Red Hat OpenShift distributed tracing platform Tempo 3.10.1 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None Deprecations: None Technology Preview features: None Enhancements: None Bug...
EUVD-2026-40374
Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...
SUSE-SU-2026:2695-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...
CVE-2026-57287
Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...
CVE-2026-57287
Affected product: Jenkins Job Configuration History Plugin. Vulnerable component: historical job/agent configuration display. Root cause: plugin versions 1356.ve360da_6c523a_ and earlier fail to redact encrypted secret values when shown in history, enabling disclosure to users with Extended Read....
netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
REST Path Traversal Bypasses Token Redaction in netlicensing-mcp Summary The netlicensinggetproduct MCP tool in netlicensing-mcp interpolates a caller-controlled productnumber argument directly into a REST URL path without any validation. Passing ../token as the product number causes httpx to...
BIT-MONGODB-2026-9735 Keyfile contents are in MongoDB Server logs
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
CVE-2025-46313
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-46313
CVE-2025-46313 describes a logging issue in macOS Tahoe 26.1 where sensitive user data could be exposed due to insufficient data redaction. Affected product: macOS Tahoe (specific version prior to 26.1). Root cause: inadequate redaction in log/data handling within the system components. Impact: a...
EUVD-2025-210112
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-46313
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-46313
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2026-53912
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...
CVE-2026-53912 Cerebrate self-registration password hash exposure via inbox and audit log views
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...