13 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/usage-report/summary endpoint. An attacker can access aggregate API usage counts by sending unauthenticated requests to this endpoint, potentially revealing information about service activity or...
GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics
Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...
lakeFS affected by unauthenticated access to API usage metrics
Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...
Apache Archiva Security Vulnerability
Apache Archiva is a suite of software from the Apache USA Foundation for managing one or more remote repositories. The software provides features such as remote Repository agents, role-based secure access management, and usage reporting. A security vulnerability exists in Apache Archiva that stem...
PT-2023-33035 · Unknown · Apollo Server
Name of the Vulnerable Software and Affected Versions: Apollo Server versions prior to the latest version Description: The issue concerns Apollo Server logging sensitive information, specifically Studio API keys, under certain conditions. This occurs when API keys are passed with leading or...
Prevent logging invalid header values
Impact What kind of vulnerability is it? Apollo Server can log sensitive information Studio API keys if they are passed incorrectly with leading/trailing whitespace or if they have any characters that are invalid as part of a header value. Who is impacted? Users who all of the below: use either t...
Apache Archiva Security Feature Issue Vulnerability
Apache Archiva is a suite of software from the Apache Foundation for managing one or more remote stores. The software provides remote Repository agents, role-based security access management, and usage reporting. Apache Archiva is vulnerable to a security feature issue that can be exploited by an...
Veeam Service Provider Console v4 Patch 2
Challenge Veeam Service Provider Console v4 Patch 2. Cause Please confirm you are running version 4.0.0.4877 or later before installing this Patch 2. You can check this by logging in to the backup portal and navigating to Configuration Support Information tab. After upgrading, your server build...
Veeam Service Provider Console v4 Patch 1 (build 4911)
Challenge Veeam Service Provider Console v4 Patch 1. This patch is superseded by the Patch 2 Cause Please confirm you are running version 4.0.0.4877 before installing this Patch 1. You can check this under Windows Programs and features. After upgrading, your build will be version 4.0.0.4911. As a...
Veeam Availability Console v3 Patch 3 (build 2762)
Challenge Veeam Availability Console v3 Patch 3 build 2762. This update supersedes Veeam Availability Console v3 Patch 2 build 2725. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 3. You can check this under Windows Programs and features. After...
Veeam Availability Console v3 Patch 2 (build 2725)
Challenge Veeam Availability Console v3 Patch 2 build 2725. This update supersedes Veeam Availability Console v3 Patch 1 build 2703. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 2. You can check this under Windows Programs and features. After...
Secure channel communications stop working after disabling TLS 1.0/1.1
After disabling TLS 1.0/1.1, Veeam functionality which utilizes the SCHANNEL security provider, such as license auto-update, license usage reporting and Veeam explorers with remote mounts stop working...
Service Provider Licensing
Challenge Starting with Veeam Backup & Replication 9.0 Update 2, there have been several changes to licensing for service providers. Solution Usage reporting Veeam Backup & Replication 9.0 Update 2 introduced usage reporting by the backup server. This is considered a pilot and does not yet replac...