Lucene search
K

13 matches found

OSV
OSV
added 2026/02/03 8:37 p.m.3 views

GO-2026-4330 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function in github.com/external-secrets/external-secrets...

9.3CVSS5.2AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.14 views

CVE-2020-10187

Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...

7.5CVSS6.3AI score0.02016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 10:23 p.m.1 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.5AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2133

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.01131EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-0983

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00796EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-5808

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01374EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.10 views

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...

6.5CVSS6.6AI score0.00796EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 12:31 p.m.16 views

GHSA-2J87-P623-8CC2 Mattermost vulnerable to Observable Timing Discrepancy

Mattermost Plugin MSTeams versions 2.1.0 and Mattermost Server versions 10.5.x =10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...

5.3CVSS7AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 2025/04/16 10:15 a.m.33 views

CVE-2025-27936

Mattermost Plugin MSTeams versions 2.1.0 and Mattermost Server versions 10.5.x =10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...

5.9CVSS0.0027EPSS
Exploits0References1
Prion
Prion
added 2023/10/26 1:15 a.m.21 views

Design/Logic Flaw

An issue was discovered in Fleet Server = v8.10.0 and v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...

5.5CVSS7.9AI score0.00473EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/15 4:11 p.m.170 views

CVE-2022-25186

CVE-2022-25186 affects the Jenkins HashiCorp Vault Plugin (3.8.0 and earlier). The vulnerability lets an attacker who can control an agent process retrieve vault secrets for an attacker-specified path and key from the agent side. In practical terms, compromised agents can exfiltrate sensitive Vau...

6.5CVSS6.5AI score0.00796EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/01/14 3:15 p.m.28 views

Cross site request forgery (csrf)

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...

5CVSS7.7AI score0.03915EPSS
Exploits0References24Affected Software13
Prion
Prion
added 2019/12/23 6:15 p.m.19 views

Design/Logic Flaw

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP...

4CVSS4.6AI score0.00697EPSS
Exploits0References1Affected Software14
Rows per page
Query Builder