CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1404 – Linksys WRT54GL Web Management Interface SysInfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1404
The manipulation leads to information disclosure. ... Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1 https://vuldb.com/?ctiid.253328 https://vuldb.com/?id.253328 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-21624 – Potential Information Leak in User-Constructed Message Templates in nonebot2
https://notcve.org/view.php?id=CVE-2024-21624
This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. • https://github.com/nonebot/nonebot2/pull/2509 https://github.com/nonebot/nonebot2/security/advisories/GHSA-59j8-776v-xxxg • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45716 – HCL Sametime is impacted by a sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-45716
Sametime is impacted by sensitive information passed in URL. Sametime se ve afectado por la información confidencial transmitida en la URL. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50291 – Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
https://notcve.org/view.php?id=CVE-2023-50291
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.... Uno de los dos endpoints que publica las propiedades del sistema Java del proceso Solr, /admin/info/properties, solo se configuró para ocultar las propiedades del sistema que tenían "password" en el nombre. Hay una serie de propiedades confidenciales del sistema, como "basicauth" y "aws.secretKey" que no contienen "password", por lo que sus valores se publicaron a través del endpoint "/admin/info/properties". ... Este endpoint /admin/info/properties está protegido bajo el permiso "config-read". • http://www.openwall.com/lists/oss-security/2024/02/09/4 https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42016 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-42016
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265559 https://www.ibm.com/support/pages/node/7116083 • CWE-319: Cleartext Transmission of Sensitive Information CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •