5 matches found
CVE-2023-39737
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages...
undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files
A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the userβs credentials from the log files...
Information disclosure
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCREL0 register can leak secure world timing information...
Algolia: SAUCE Access_key and User_name leaked in Travis CI build logs
hello algolia team, I founded the SAUCE AccessKey and Username was leaked in Travis CI build logs of instantsearch.js product Line-249-&-250. This can be used to perform every API calls of sauce-lab.e.g Creating a Sub account. I created a test account for testing. sorry for this ; . You should...
Brute force protection on JIRA 4.1 leaks valid account names
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-21036. panel The brute force login protection in JIRA only activates when a real user account is accessed. This can be used by an attacker to...