Total: 766 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-40405 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 3.3 LOW | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. |
CVE-2023-40392 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 3.3 LOW | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. |
CVE-2023-40338 | 1 Jenkins | 1 Folders | 2024-11-21 | N/A | 4.3 MEDIUM | Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. |
CVE-2023-40029 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | N/A | 9.9 CRITICAL | Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets, it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation, which includes the full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy the cluster secret with the `server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: the annotation for existing secrets will require manual removal. |
CVE-2023-3993 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.9 MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint. |
CVE-2023-3363 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.9 LOW | An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`. |
CVE-2023-3350 | 1 Ayesa | 1 Ibermatica Rps | 2024-11-21 | N/A | 8.2 HIGH | A Cryptographic Issue vulnerability has been found in IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes encoded with the AES-CBC-128-bit algorithm, which can be decrypted with a .NET function, obtaining the user's password in plain text. |
CVE-2023-3349 | 1 Ayesa | 1 Ibermatica Rps | 2024-11-21 | N/A | 8.2 HIGH | Information exposure vulnerability in IBERMATICA RPS 2019, the exploitation of which could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. |
CVE-2023-3335 | 2 Hitachi, Linux | 2 Ops Center Administrator, Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. |
CVE-2023-39447 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-11-21 | N/A | 4.4 MEDIUM | When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in the restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2023-39348 | 1 Linuxfoundation | 1 Spinnaker | 2024-11-21 | N/A | 4.0 MEDIUM | Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for GitHub status notifications. Given that this would output GitHub tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, filter their logs for Echo log data and use read-only tokens that are limited in scope. |
CVE-2023-38067 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM | In JetBrains TeamCity before 2023.05.1, build parameters of the "password" type could be written to the agent log. |
CVE-2023-38064 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM | In JetBrains TeamCity before 2023.05.1, build chain parameters of the "password" type could be written to the agent log. |
CVE-2023-37224 | 1 Archerirm | 1 Archer | 2024-11-21 | N/A | 6.0 MEDIUM | An issue in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows an authenticated attacker to obtain sensitive information via the log files. |
CVE-2023-36649 | 1 Prolion | 1 Cryptospike | 2024-11-21 | N/A | 9.1 CRITICAL | Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the Loki REST API without authentication. |
CVE-2023-36494 | 1 F5 | 1 F5os-a | 2024-11-21 | N/A | 4.4 MEDIUM | Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
CVE-2023-35695 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 7.5 HIGH | A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. |
CVE-2023-34223 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.3 MEDIUM | In JetBrains TeamCity before 2023.05, parameters of the "password" type from build dependencies could be logged in some cases. |
CVE-2023-34097 | 1 Hoppscotch | 1 Hoppscotch | 2024-11-21 | N/A | 7.8 HIGH | Hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5, the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-33001 | 1 Jenkins | 1 Hashicorp Vault | 2024-11-21 | N/A | 7.5 HIGH | Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. |