5 matches found
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
CVE-2025-32021
CVE-2025-32021 concerns Weblate before 5.11, where creating a new component from an existing one could leak VCS credentials. If the source repository URL is present in settings, that URL is carried in client URL parameters during creation; credentials such as GitHub PATs and usernames could appea...
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...
GHSA-M67M-3P5G-CW9J VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...