Lucene search
K

61 matches found

Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.8 views

PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MQ Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default. Recommendations: For Jenkins MQ Notifier Plugin...

6.5CVSS6.3AI score0.00679EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.17 views

Puppet Enterprise < 2019.8.8 / 2021.3.0 Information Disclosure Vulnerability

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes. Note that Nessus has not tested for this issue but has instead...

4.9CVSS5.3AI score0.00909EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/16 8:7 a.m.36 views

CVE-2023-43668 Apache InLong: Jdbc Connection Security Bypass in InLong

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or...

9.7AI score0.01009EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/21 12:0 a.m.6 views

PT-2023-15907 · WordPress · Backupbuddy

Name of the Vulnerable Software and Affected Versions: BackupBuddy WordPress plugin versions prior to 8.8.3 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the BackupBuddy WordPress plugin does not properly sanitise and escape some parameters before outputti...

6.1CVSS6.5AI score0.00858EPSS
Exploits2References5
NVD
NVD
added 2022/09/13 4:15 p.m.28 views

CVE-2022-39014

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...

5.3CVSS0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/13 3:43 p.m.23 views

CVE-2022-39014

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...

5.5AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.5 views

PT-2022-24670 · Sap · Sap Businessobjects Business Intelligence Platform Central Management Console

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Central Management Console CMC version 430 Description: The issue allows an attacker to access certain unencrypted sensitive parameters under certain conditions, which would otherwise be...

5.3CVSS5.1AI score0.00384EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Platform 安全漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and deploy...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5
Snyk
Snyk
added 2022/07/20 11:5 a.m.5 views

Information Exposure

Overview bolt is a library enabling the execution of commands remotely over SSH and WinRM Affected versions of this package are vulnerable to Information Exposure when running the planstart command, which returns and logs sensitive parameters. Remediation Upgrade bolt to version 3.24.0 or higher...

4.1CVSS7.2AI score0.00449EPSS
Exploits0References2
NVD
NVD
added 2022/07/19 6:15 p.m.28 views

CVE-2022-2394

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise...

4.1CVSS0.00449EPSS
Exploits0References1
CVE
CVE
added 2022/07/19 5:46 p.m.80 views

CVE-2022-2394

CVE-2022-2394 affects Puppet Bolt prior to 3.24.0. The vulnerability results from Bolt printing sensitive parameters during planning/runs, which may be logged when executed programmatically (e.g., via Puppet Enterprise). Affected versions include Bolt before 3.24.0; the issue is an information di...

4.1CVSS3.9AI score0.00449EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.6 views

Puppet 日志信息泄露漏洞

Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the United States, which can be used to manage profiles, users, cron tasks, packages, system services, and more. A log information disclosure vulnerability exists in Puppet Bolt versions...

4.1CVSS5.1AI score0.00449EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/07/19 12:0 a.m.9 views

PT-2022-16353 · Puppet · Puppet Bolt

Name of the Vulnerable Software and Affected Versions: Puppet Bolt versions prior to 3.24.0 Description: The issue allows sensitive parameters to be printed when planning a run, potentially resulting in them being logged when executed programmatically, such as through Puppet Enterprise...

4.1CVSS3.9AI score0.00449EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/07/15 5:41 p.m.4 views

CVE-2022-2394

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise...

4.1CVSS5.9AI score0.00449EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.6 views

Puppet Server 日志信息泄露漏洞

Puppet Server is a software from US-based Puppet Labs for pushing configurations from a master server to other servers. Puppet Server suffers from a logging information disclosure vulnerability that stems from the possibility that the software may be logging some sensitive program parameters...

4.4CVSS5.1AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2021/09/07 2:15 p.m.4 views

CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

4.9CVSS5.8AI score0.00909EPSS
Exploits0References2
Prion
Prion
added 2021/09/07 2:15 p.m.15 views

Design/Logic Flaw

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

4CVSS5AI score0.00909EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2021/09/07 2:15 p.m.39 views

CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

4.9CVSS5.9AI score0.00909EPSS
Exploits0References2
OSV
OSV
added 2021/09/07 2:15 p.m.3 views

UBUNTU-CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

4.9CVSS5.8AI score0.00909EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/09/07 1:3 p.m.23 views

CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

5.3AI score0.00909EPSS
Exploits0References2
Rows per page
Query Builder