Lucene search
K

58 matches found

OSV
OSV
added 2023/08/31 5:10 p.m.30 views

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

3.3CVSS4.5AI score0.00569EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/07/06 8:53 p.m.2482 views

Graylog server has partial path traversal vulnerability in Support Bundle feature

A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...

3.8CVSS6.5AI score0.00569EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/07/06 8:53 p.m.74 views

GHSA-2Q4P-F6GF-MQR5 Graylog server has partial path traversal vulnerability in Support Bundle feature

A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...

3.3CVSS5.9AI score0.00569EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.8 views

PT-2023-27757 · Graylog · Graylog

Name of the Vulnerable Software and Affected Versions: Graylog versions prior to 5.1.3 Description: A partial path traversal vulnerability exists in Graylog's Support Bundle feature, caused by incorrect user input validation in an HTTP API resource. This allows an attacker with valid Admin role...

3.8CVSS3.8AI score0.00569EPSS
Exploits1References8
NVD
NVD
added 2022/11/15 8:15 p.m.32 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.5CVSS0.00649EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.30 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.7AI score0.00649EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.6 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.3AI score0.00649EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2022/11/15 12:0 a.m.33 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.5CVSS4AI score0.00649EPSS
Exploits0References2
NVD
NVD
added 2022/11/07 4:15 a.m.23 views

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

6.5CVSS0.00523EPSS
Exploits0References1
OSV
OSV
added 2022/11/07 4:15 a.m.7 views

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

6.5CVSS5.8AI score0.00523EPSS
Exploits0References1
Prion
Prion
added 2022/11/07 4:15 a.m.14 views

Information disclosure

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

4CVSS6.2AI score0.00523EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/10/21 12:15 p.m.27 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...

7.5CVSS0.00724EPSS
Exploits0References2
OSV
OSV
added 2022/10/21 12:15 p.m.6 views

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...

7.5CVSS5.8AI score0.00724EPSS
Exploits0References2
Citrix
Citrix
added 2022/10/20 12:0 a.m.6 views

How to Generate a support file for ADC

This article shows users how to generate a support bundle from there ADC device...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.35 views

Jenkins Support Core Plugin stores sensitive data in plain text

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted...

6.5CVSS6AI score0.00966EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/02/15 5:15 p.m.17 views

Design/Logic Flaw

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle...

4CVSS6.2AI score0.00966EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/06 2:50 p.m.27 views

CVE-2021-36096 Support Bundle includes S/Mime and PGP secret or PIN

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...

5.2CVSS5.7AI score0.00449EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/26 4:25 a.m.31 views

CVE-2021-21440 Support Bundle includes S/Mime and PGP keys

Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions...

5.2CVSS6.9AI score0.00814EPSS
Exploits0References2
OSV
OSV
added 2020/09/23 8:23 a.m.15 views

OPENSUSE-SU-2020:1509-1 Recommended update for otrs

Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...

8.1CVSS6.3AI score0.02018EPSS
Exploits0References33
NVD
NVD
added 2020/03/27 1:15 p.m.19 views

CVE-2020-1770

Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

4.3CVSS4.8AI score0.01317EPSS
Exploits0References6
Rows per page
Query Builder