13 matches found

added 2023/07/05 10:15 p.m. | 2485 views

CVE-2023-36827

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing re...

7.5 CVSS | 7.6 AI score | 0.00134 EPSS

added 2024/11/26 7:15 p.m. | 2415 views

CVE-2024-52008

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls...

8.8 CVSS | 6.5 AI score | 0.00186 EPSS
Web

added 2024/07/02 8:15 p.m. | 64 views

CVE-2024-38537

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard. There...

9.8 CVSS | 3.7 AI score | 0.22233 EPSS

added 2023/10/25 6:17 p.m. | 63 views

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The confi...

6.5 CVSS | 6.3 AI score | 0.00179 EPSS

added 2023/11/15 9:15 p.m. | 61 views

CVE-2023-48224

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users...

9.1 CVSS | 8.8 AI score | 0.00415 EPSS

added 2023/10/25 6:17 p.m. | 60 views

CVE-2023-46124

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dat...

8.2 CVSS | 7.5 AI score | 0.00097 EPSS

added 2023/10/25 6:17 p.m. | 59 views

CVE-2023-46126

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes...

5.4 CVSS | 4.8 AI score | 0.00142 EPSS

added 2024/05/29 5:16 p.m. | 45 views

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver start...

3.3 CVSS | 3.4 AI score | 0.00076 EPSS

added 2024/09/04 4:15 p.m. | 42 views

CVE-2024-45052

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it tak...

5.3 CVSS | 5.3 AI score | 0.00067 EPSS

added 2025/09/08 10:15 p.m. | 7 views

CVE-2025-57816

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rat...

7.5 CVSS | 6.3 AI score | 0.00052 EPSS

added 2025/09/08 10:15 p.m. | 7 views

CVE-2025-57817

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their ...

8.6 CVSS | 6.6 AI score | 0.00047 EPSS

added 2025/09/08 10:15 p.m. | 6 views

CVE-2025-57766

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors (such as XSS) ca...

6.3 CVSS | 6.4 AI score | 0.00035 EPSS

added 2025/09/08 10:15 p.m. | 6 views

CVE-2025-57815

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to con...

6.5 CVSS | 6.6 AI score | 0.00059 EPSS