Total
242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38924 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-02-04 | N/A | 7.5 HIGH |
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163. | |||||
CVE-2021-39018 | 3 Ibm, Linux, Microsoft | 3 Engineering Lifecycle Optimization Publishing, Linux Kernel, Windows | 2024-02-04 | N/A | 4.3 MEDIUM |
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. | |||||
CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2024-02-04 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | |||||
CVE-2022-31189 | 1 Duraspace | 1 Dspace | 2024-02-04 | N/A | 5.3 MEDIUM |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file. | |||||
CVE-2022-39307 | 1 Grafana | 1 Grafana | 2024-02-04 | N/A | 5.3 MEDIUM |
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds. | |||||
CVE-2022-31229 | 1 Dell | 1 Powerscale Onefs | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | |||||
CVE-2022-31023 | 1 Lightbend | 1 Play Framework | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. | |||||
CVE-2022-23794 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. | |||||
CVE-2021-35251 | 1 Solarwinds | 1 Web Help Desk | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation. | |||||
CVE-2022-26973 | 1 Barco | 1 Control Room Management Suite | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | |||||
CVE-2022-1120 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | |||||
CVE-2022-0622 | 1 Snipeitapp | 1 Snipe-it | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | |||||
CVE-2021-43206 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. | |||||
CVE-2022-26070 | 1 Splunk | 1 Splunk | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. | |||||
CVE-2021-46353 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and gain knowledge of different absolute paths that are being used by the web application. | |||||
CVE-2022-24731 | 1 Linuxfoundation | 1 Argo-cd | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications. | |||||
CVE-2021-39023 | 1 Ibm | 1 Guardium Data Encryption | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860. | |||||
CVE-2021-32937 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated. | |||||
CVE-2022-24906 | 1 Nextcloud | 1 Deck | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available. | |||||
CVE-2022-24730 | 1 Linuxfoundation | 1 Argo-cd | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications' source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds. |