GHSA-2522-MRJC-M688 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

CVE-2024-31869 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

CVE-2024-31869 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

Cross site scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

CVE-2022-39048 Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

h1-ctf: [ Hacky Holidays CTF ] Completely taken down the Grinch Networks

Day 1 - Robot flag We're presented with sample ui page without any function. So I guessed content discovery is the best way to find flag. And robots.txt came to my mind and found the flag. https://hackyholidays.h1ctf.com/robots.txt Response User-agent: Disallow: /s3cr3t-ar3a Flag:...

Kentico CMS Has Multiple Cross-Site Scripting Vulnerabilities

Kentico CMS is an enterprise-grade web content management system and customer experience management system. Kentico CMS 8.2 suffers from multiple cross-site scripting vulnerabilities. Allows remote attackers to inject any web script or HTML via the CMSModules/AdminControls/Pages/UIPageaspx or...

CVE-2014-6074

IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page...

CVE-2014-6074

IBM UrbanCode Deploy 6.1.0.2 before IF1 is affected. The flaw allows remote authenticated users to read keystore secret keys via direct access to a UI page, potentially exposing all encrypted values and SSL communications between server and agents. The IBM security bulletin notes the affected pro...