Lucene search
+L

5 matches found

OSV
OSV
added 2024/01/04 12:30 p.m.14 views

GHSA-86RG-PF4C-5GRG @backstage/backend-app-api leaks GitLab access tokens

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

7.3CVSS5.4AI score0.00561EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/01/04 12:30 p.m.36 views

@backstage/backend-app-api leaks GitLab access tokens

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS6.9AI score0.00561EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2024/01/04 10:15 a.m.33 views

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS5.5AI score0.00561EPSS
Exploits0References3
Prion
Prion
added 2024/01/04 10:15 a.m.20 views

Code injection

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

3.5CVSS6.9AI score0.00561EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2024/01/04 10:2 a.m.35 views

CVE-2023-6944 Rhdh: catalog-import function leaks credentials to frontend

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

5.7CVSS5.7AI score0.00561EPSS
Exploits0References3
Rows per page
Query Builder