61 matches found
PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MQ Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default. Recommendations: For Jenkins MQ Notifier Plugin...
Puppet Enterprise < 2019.8.8 / 2021.3.0 Information Disclosure Vulnerability
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes. Note that Nessus has not tested for this issue but has instead...
CVE-2023-43668 Apache InLong: Jdbc Connection Security Bypass in InLong
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or...
PT-2023-15907 · WordPress · Backupbuddy
Name of the Vulnerable Software and Affected Versions: BackupBuddy WordPress plugin versions prior to 8.8.3 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the BackupBuddy WordPress plugin does not properly sanitise and escape some parameters before outputti...
CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...
CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...
PT-2022-24670 · Sap · Sap Businessobjects Business Intelligence Platform Central Management Console
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Central Management Console CMC version 430 Description: The issue allows an attacker to access certain unencrypted sensitive parameters under certain conditions, which would otherwise be...
SAP BusinessObjects Business Intelligence Platform 安全漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and deploy...
Information Exposure
Overview bolt is a library enabling the execution of commands remotely over SSH and WinRM Affected versions of this package are vulnerable to Information Exposure when running the planstart command, which returns and logs sensitive parameters. Remediation Upgrade bolt to version 3.24.0 or higher...
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise...
CVE-2022-2394
CVE-2022-2394 affects Puppet Bolt prior to 3.24.0. The vulnerability results from Bolt printing sensitive parameters during planning/runs, which may be logged when executed programmatically (e.g., via Puppet Enterprise). Affected versions include Bolt before 3.24.0; the issue is an information di...
Puppet 日志信息泄露漏洞
Puppet is a set of configuration management tools based on client/server C/S architecture from Puppet Labs in the United States, which can be used to manage profiles, users, cron tasks, packages, system services, and more. A log information disclosure vulnerability exists in Puppet Bolt versions...
PT-2022-16353 · Puppet · Puppet Bolt
Name of the Vulnerable Software and Affected Versions: Puppet Bolt versions prior to 3.24.0 Description: The issue allows sensitive parameters to be printed when planning a run, potentially resulting in them being logged when executed programmatically, such as through Puppet Enterprise...
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise...
Puppet Server 日志信息泄露漏洞
Puppet Server is a software from US-based Puppet Labs for pushing configurations from a master server to other servers. Puppet Server suffers from a logging information disclosure vulnerability that stems from the possibility that the software may be logging some sensitive program parameters...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
Design/Logic Flaw
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
UBUNTU-CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...
CVE-2021-27022
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...