38 matches found
EUVD-2024-47844
Malicious code in bioql PyPI...
EUVD-2024-47903
Malicious code in bioql PyPI...
EUVD-2024-2350
Malicious code in bioql PyPI...
EUVD-2023-0909
Malicious code in bioql PyPI...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6916
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
PT-2024-39845 · Zowe · Zowe
Name of the Vulnerable Software and Affected Versions: Zowe versions 1.0.0 through 1.28.8 Zowe versions 2.0.0 through 2.18.0 Description: The health endpoint is public, allowing everybody to see a list of all services, which is potentially valuable information for attackers. Recommendations: For...
API Mediation Layer 安全漏洞
API Mediation Layer is a Zowe open source API mediation layer. It provides a single point of access to the mainframe services REST API. A security vulnerability exists in API Mediation Layer. An attacker exploiting this vulnerability could check whether a service is running...
CVE-2024-6916
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916
CVE-2024-6916 affects the Zowe CLI, where a local, privileged actor can display securely stored properties in cleartext in a terminal by using the --show-inputs-only flag. The vulnerability is introduced in the CLI’s handling of inputs and exposes secrets that should remain confidential. Reported...
Credentials Exposure
Zowe CLI is vulnerable to a credentials exposure. The vulnerability is due to insecure storage of credentials in the Zowe CLI's auto-init operation, allowing attackers to access and potentially misuse sensitive information stored in a plaintext file...
PT-2024-37955 · Zowe Cli · Zowe Cli
Name of the Vulnerable Software and Affected Versions: Zowe CLI affected versions not specified Description: A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. Recommendations: At th...
GHSA-GHGQ-X6WC-6JR5 Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
@ibm/rse-api-for-zowe-cli (>=3.2.2 <=4.1.0), @zowe/zowe-explorer-api (>=2.13.0 <=2.15.0) potentially affected by CVE-2024-6833 via @zowe/cli (>=7.18.0 <=7.23.3)
@zowe/cli NPM version =7.18.0, =3.2.2, =2.13.0, =2.15.0 Source cves: CVE-2024-6833 Source advisory: OSV:GHSA-GHGQ-X6WC-6JR5...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...
CVE-2024-6834
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...
CVE-2024-6833
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation...