59 matches found
CVE-2021-27026
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes)...
CVE-2020-7944
In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report...
The Hidden Dangers of Public Serverless Repositories: An Empirical Security Assessment
Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become key to accelerating the development of serverless...
EUVD-2021-13795
Malware in sbrugna...
EUVD-2020-28866
Malware in sbrugna...
EUVD-2022-41560
Malicious code in bioql PyPI...
EUVD-2023-2805
Malicious code in bioql PyPI...
EUVD-2022-0716
Malicious code in bioql PyPI...
EUVD-2024-45989
Malicious code in bioql PyPI...
EUVD-2022-34659
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-27022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should...
CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...
CVE-2020-1928
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...
CVE-2024-45738
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the internal index. This exposure could happen if you configure the Splunk Enterprise RESTCalls log channel at the DEBUG logging level...
Splunk Enterprise Security Vulnerability
Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.3.x prior to 9.3.1, 9.2.x prior to 9.2.3, and 9.1.x prior to 9.1.6, which stems from the possibility of exposing sensitive...
keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information...
PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MQ Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default. Recommendations: For Jenkins MQ Notifier Plugin...
Jenkins MQ Notifier Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Puppet Enterprise < 2019.8.8 / 2021.3.0 Information Disclosure Vulnerability
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). Note that Nessus has not tested for this issue but has instead...