11 matches found

NVD
added 2026/06/24 2:17 p.m. | 8 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

CVSS 4.3 | EPSS 0.0013
Exploits: 0 | References: 1
OSV
added 2026/06/05 5:40 a.m. | 6 views

BIT-AIRFLOW-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response

A bug in the `GET /api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist `DEFAULT_SENSITIVE_FIELDS` —...

CVSS 6.5 | AI score 5.5 | EPSS 0.0041
Exploits: 0 | References: 4
EUVD
added 2026/06/02 10:40 p.m. | 9 views

EUVD-2026-34047

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

CVSS 6.5 | AI score 5.7 | EPSS 0.00276
Exploits: 1 | References: 1
Cvelist
added 2026/04/18 6:22 a.m. | 40 views

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

EPSS 0.00421
Exploits: 0 | References: 2
EUVD
added 2026/04/18 6:22 a.m. | 5 views

EUVD-2026-23666

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/18 12:0 a.m. | 11 views

PT-2026-33595

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.0. Description: Secrets stored within variables as JSON dictionaries are not properly redacted. When a user retrieves these variables, secrets located in nested fields are not masked. Recommendations: Upgrade ...

CVSS 3.7 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 14
Veracode
added 2026/01/05 3:55 p.m. | 7 views

Sensitive Information Disclosure

apacheairflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper redaction of secret values in rendered templates, which allows authenticated users to view sensitive secrets without appropriate authorization...

CVSS 6.5 | AI score 6.7 | EPSS 0.00406
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/12/17 10:2 a.m. | 4 views

CVE-2025-66388

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

CVSS 6.5 | AI score 6.7 | EPSS 0.00406
Exploits: 0 | References: 1
OSV
added 2025/08/15 5:10 p.m. | 20 views

CVE-2025-55285 @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetch:template`

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the `fetch:template` action in the Scaffolder meant that some of the secrets were not properly redacted. If `${{ secrets.x }}` is not passed...

CVSS 2.6 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 4
Veracode
added 2025/03/11 7:8 a.m. | 13 views

Cleartext Storage Of Sensitive Information

Jenkins is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to improper secret redaction due to config.xml of agents being accessible via the REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted secret values...

CVSS 4.3 | AI score 6.6 | EPSS 0.00684
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/10/02 3:35 p.m. | 17 views

CVE-2024-47803

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

AI score 7.1 | EPSS 0.0084
Exploits: 0 | References: 1