9 matches found
EUVD-2024-2425
Malicious code in bioql PyPI...
CVE-2024-40636
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
CVE-2024-40636
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
CVE-2024-40636 Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service UR...
CVE-2024-40636
The CVE concerns Steeltoe.Discovery.Eureka where DiscoveryClient logs may leak basic-auth credentials because Eureka server URLs are not fully masked when FetchRegistry fails. Affects Steeltoe.Discovery.Eureka (and related packages) with multiple Eureka URLs and basic auth; root cause is logging ...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. An attacker can gain access to credentials by examining th...
PT-2024-28955 · Steeltoe · Steeltoe.Discovery.Eureka
Name of the Vulnerable Software and Affected Versions: Steeltoe.Discovery.Eureka versions prior to 3.2.8 Description: The issue concerns credential leakage in logs when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. Only...