23 matches found
EUVD-2024-1788
Malicious code in bioql PyPI...
EUVD-2024-33678
Malicious code in bioql PyPI...
CVE-2025-10644 Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
CVE-2024-11165 describes an information disclosure in the backup configuration flow where the SAS token is not masked in the response, causing plaintext leakage in the yb_backup logs. Affected: YugabyteDB Anywhere versions 2.20.0.0–2.20.6.0, 2.23.0.0–2.23.0.0, and 2024.1.0.0–2024.1.2.0 (per PT-20...
KernelCI SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on KernelCI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to make unauthorized changes to...
Microsoft Azure SQL Managed Instance Documentation SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attac...
GO-2024-2859 source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller
source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller...
Token Disclosure
github.com/fluxcd/source-controller is vulnerable to Token Disclosure though logs. The vulnerability is due to improper credential masking in error statements when the source-controller encounters an error when connecting to Azure Blob Storage, resulting in the Azure SAS token being logged along...
GHSA-V554-XWGW-HC3W source-controller leaks Azure Storage SAS token into logs
Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access t...
CVE-2024-31216
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attac...
Microsoft PC Manager SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on Microsoft PC Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain...