Lucene search
+L

47 matches found

Veracode
Veracode
added 2025/07/08 4:40 a.m.11 views

Sensitive Information Exposure

io.zipkin, zipkin-server is vulnerable to Sensitive Information Exposure. The vulnerability is due to the presence of an unprotected /heapdump endpoint associated with Spring Boot Actuator, which allows an attacker to retrieve memory dumps and potentially extract sensitive data. Note: There is a...

5.3CVSS9.3AI score0.00284EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.43 views

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS6.3AI score0.08489EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/07/04 9:56 p.m.8 views

io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)

io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: SNYK:JAVA-IOZIPKIN-10639631...

5.3CVSS5.8AI score0.00284EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/04 9:30 p.m.5 views

io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)

io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: OSV:GHSA-794X-8X6X-QPFC...

5.3CVSS5.8AI score0.00284EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/07/04 9:30 p.m.12 views

Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS7.1AI score0.00284EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/07/04 9:30 p.m.5 views

GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS9.4AI score0.00284EPSS
Exploits0References5
NVD
NVD
added 2025/07/04 9:15 p.m.6 views

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS0.00284EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.5 views

zipkin 安全漏洞

zipkin is a distributed tracking system open-sourced by Open Zipkin. A security vulnerability exists in zipkin 3.5.1 and earlier versions, which originates from an attacker who can access sensitive system memory information via the /heapdump endpoint, leading to information disclosure...

5.3CVSS6.1AI score0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/04 12:0 a.m.8 views

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS7.2AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.8 views

PT-2025-28022 · Zipkin +1 · Zipkin +1

Name of the Vulnerable Software and Affected Versions: Zipkin versions prior to 3.5.2 Description: The issue is related to the exposure of heap dump information through the "/heapdump" endpoint, which is associated with the use of Spring Boot Actuator. This endpoint is similar to a previously...

5.3CVSS6.1AI score0.00284EPSS
Exploits0References10
CVE
CVE
added 2025/07/04 12:0 a.m.52 views

CVE-2025-53602

CVE-2025-53602 affects Zipkin up to version 3.5.1 with a /heapdump endpoint (via Spring Boot Actuator). The root cause is exposure of sensitive heap memory information leading to potential information disclosure. The CVE is linked to related advisories (e.g., GHSA-794X-8X6X-QPFC) describing insec...

5.3CVSS6.3AI score0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/04 12:0 a.m.12 views

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS0.00284EPSS
Exploits0References3
OSV
OSV
added 2025/07/04 12:0 a.m.6 views

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

5.3CVSS9.4AI score0.00284EPSS
Exploits0References5
Wolfi
Wolfi
added 2025/06/11 1:46 p.m.22 views

CVE-2025-27817 vulnerabilities

Vulnerabilities for packages: opensearch, debezium-connector-spanner, wildfly, druid, strimzi-kafka-operator, thingsboard, logstash, apache-nifi, apicurio-registry, zipkin...

7.5CVSS7.3AI score0.63637EPSS
Exploits2
Wolfi
Wolfi
added 2025/06/11 1:45 p.m.10 views

GHSA-VGQ5-3255-V292 vulnerabilities

Vulnerabilities for packages: opensearch, debezium-connector-spanner, wildfly, druid, strimzi-kafka-operator, thingsboard, logstash, apache-nifi, apicurio-registry, zipkin...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2025/06/11 1:15 p.m.16 views

CVE-2025-27817 vulnerabilities

Vulnerabilities for packages: druid, apache-nifi, wildfly, thingsboard, strimzi-kafka-operator, logstash, debezium-connector-spanner, opensearch, zipkin, apicurio-registry...

7.5CVSS7.3AI score0.63637EPSS
Exploits2
Chainguard
Chainguard
added 2025/06/11 1:15 p.m.10 views

GHSA-VGQ5-3255-V292 vulnerabilities

Vulnerabilities for packages: druid, apache-nifi, wildfly, thingsboard, strimzi-kafka-operator, logstash, debezium-connector-spanner, opensearch, zipkin, apicurio-registry...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2025/05/10 1:45 a.m.20 views

GHSA-WHXR-3P84-RF3C vulnerabilities

Vulnerabilities for packages: zipkin...

7.5AI score
Exploits0
Wolfi
Wolfi
added 2025/05/10 1:45 a.m.27 views

CVE-2025-27533 vulnerabilities

Vulnerabilities for packages: zipkin...

7.5CVSS7.1AI score0.08453EPSS
Exploits2
Chainguard
Chainguard
added 2025/05/10 1:14 a.m.24 views

CVE-2025-27533 vulnerabilities

Vulnerabilities for packages: zipkin...

7.5CVSS7.5AI score0.08453EPSS
Exploits2
Rows per page
Query Builder