CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4369 – Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
https://notcve.org/view.php?id=CVE-2024-4369
An information disclosure flaw was found in OpenShift's internal image registry operator. ... An attacker controlling an account that has high enough permissions to obtain pod information from the openshift-image-registry namespace could use this obtained client secret to perform actions as the registry operator's Azure service account. • https://access.redhat.com/errata/RHSA-2024:3881 https://access.redhat.com/errata/RHSA-2024:3889 https://access.redhat.com/security/cve/CVE-2024-4369 https://bugzilla.redhat.com/show_bug.cgi?id=2278035 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2877 – Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
https://notcve.org/view.php?id=CVE-2024-2877
These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. • https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node https://security.netapp.com/advisory/ntap-20240614-0002 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48684
https://notcve.org/view.php?id=CVE-2023-48684
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-6021 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48683
https://notcve.org/view.php?id=CVE-2023-48683
Sensitive information disclosure and manipulation due to missing authorization. • https://security-advisory.acronis.com/advisories/SEC-5899 • CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28961
https://notcve.org/view.php?id=CVE-2024-28961
Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. • https://www.dell.com/support/kbdoc/en-us/000224251/dsa-2024-184-security-update-for-dell-openmanage-enterprise-vulnerability • CWE-256: Plaintext Storage of a Password •