7 matches found

CVE, added 2024/11/26 7:15 p.m.

CVE-2024-52008

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls...

CVSS 2, AI score 6.5, EPSS 0.00114
CVE, added 2024/05/30 8:15 p.m.

CVE-2024-35189

Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest (in the ap...

CVSS 6.5, AI score 6.4, EPSS 0.00077
CVE, added 2024/07/02 8:15 p.m.

CVE-2024-38537

Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard. There...

AI score 3.7, EPSS 0.048
CVE, added 2024/07/03 6:15 p.m.

CVE-2024-31223

Fides is an open-source privacy engineering platform, and SERVER_SIDE_FIDES_API_URL is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address...

CVSS 5.3, AI score 5.1, EPSS 0.00437
CVE, added 2024/05/29 5:16 p.m.

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver start...

CVSS 2.3, AI score 3.4, EPSS 0.00051
CVE, added 2024/09/04 4:15 p.m.

CVE-2024-45052

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it tak...

CVSS 5.3, AI score 5.3, EPSS 0.00067
CVE, added 2024/09/04 4:15 p.m.

CVE-2024-45053

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Executi...

CVSS 9.1, AI score 8.8, EPSS 0.01071