Lucene search
K

97 matches found

OSV
OSV
added 2023/11/13 9:15 p.m.10 views

PYSEC-2023-275

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS7.4AI score0.04055EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2023/11/13 8:13 p.m.13 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.6AI score0.04055EPSS
Exploits3References2
OSV
OSV
added 2023/11/13 8:13 p.m.34 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.5AI score0.04055EPSS
Exploits3References4
NVD
NVD
added 2023/09/27 3:19 p.m.30 views

CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

6.5CVSS5.7AI score0.00738EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 3:19 p.m.22 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

4CVSS6.4AI score0.00738EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/27 3:19 p.m.2 views

UBUNTU-CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

6.5CVSS5.8AI score0.00738EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/09/27 12:0 a.m.19 views

Sensitive fields enumeration through API in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on...

6.5CVSS7.1AI score0.00738EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/26 9:16 p.m.20 views

CVE-2023-41321 Sensitive fields enumeration through API in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

4.9CVSS6.7AI score0.00738EPSS
Exploits0References1
OSV
OSV
added 2023/09/26 9:16 p.m.30 views

CVE-2023-41321 Sensitive fields enumeration through API in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

4.9CVSS6.3AI score0.00738EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/09/26 9:16 p.m.38 views

CVE-2023-41321 Sensitive fields enumeration through API in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

4.9CVSS6.6AI score0.00738EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.8 views

PT-2023-6822 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10 Description: The issue is related to information disclosure in the GLPI system. Exploitation of this issue may allow a remote attacker to disclose protected information. An API user can enumerate sensitive field...

10CVSS6.6AI score0.99628EPSS
Exploits27References156
Prion
Prion
added 2023/08/31 1:15 a.m.18 views

Design/Logic Flaw

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave"...

1.7CVSS5.2AI score0.00205EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/31 12:43 a.m.22 views

CVE-2023-31423 Possible information exposure through log file vulnerability

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local attacker must have access to an already collected Brocade SANnav "supportsave"...

5.7CVSS5.6AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.6 views

Broadcom Brocade SANnav 安全漏洞

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in Brocade SANnav versions prior to v2.3.0 and v2.2.2a, which stems from a Brocade SANnav log file that could lead to information disclosure, where sensitive fields are recorded in...

5.7CVSS7.4AI score0.00205EPSS
Exploits0References3
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.31 views

CVE-2023-31423 - Possible information exposure through log file vulnerability

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the attacker must first collect a "supportsave" on Brocade SANnav or have access to an...

5.7CVSS6.5AI score0.00205EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2023/02/07 12:0 a.m.37 views

CVE-2022-43757 Rancher: Exposure of sensitive fields

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher...

9.9CVSS9.8AI score0.00553EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.7 views

CVE-2019-14840

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials...

7.3AI score0.00675EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.5 views

PT-2022-8095 · Red Hat · Red Hat Decision Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Decision Manager RHDM affected versions not specified Description: A flaw was found in the RHDM, where sensitive HTML form fields like password have auto-complete enabled, which may lead to a leak of credentials. Recommendations: At t...

7.5CVSS4.8AI score0.00675EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/09/23 6:11 p.m.87 views

Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials

Impact An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token used to provision clusters, were stored in plaintext directly on Kubernetes objects like Clusters, for example...

9.9CVSS8.6AI score0.0293EPSS
Exploits3References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/01 6:15 p.m.5 views

CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

6.1CVSS6.1AI score0.00713EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder