58 matches found
CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...
Graylog server has partial path traversal vulnerability in Support Bundle feature
A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...
GHSA-2Q4P-F6GF-MQR5 Graylog server has partial path traversal vulnerability in Support Bundle feature
A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...
PT-2023-27757 · Graylog · Graylog
Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 5.1.3 Description: A partial path traversal vulnerability exists in Graylog's Support Bundle feature, caused by incorrect user input validation in an HTTP API resource. This allows an attacker with valid Admin role...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
CVE-2022-45383
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
Information disclosure
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...
CVE-2022-41575
A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...
How to Generate a support file for ADC
This article shows users how to generate a support bundle from there ADC device...
Jenkins Support Core Plugin stores sensitive data in plain text
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted...
Design/Logic Flaw
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle...
CVE-2021-36096 Support Bundle includes S/Mime and PGP secret or PIN
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...
CVE-2021-21440 Support Bundle includes S/Mime and PGP keys
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...
OPENSUSE-SU-2020:1509-1 Recommended update for otrs
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...
CVE-2020-1770
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...