CVE-2023-48796 – Apache dolphinscheduler sensitive information disclosure
https://notcve.org/view.php?id=CVE-2023-48796
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment variable `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` to workaround this, or add the following section in the `application.yaml` file ``` management: endpoints: web: exposure: include: health,metrics,prometheus ``` This issue affects Apache DolphinScheduler: from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Apache DolphinScheduler. La información expuesta a actores no autorizados puede incluir datos confidenciales, como credenciales de bases de datos. Los usuarios que no pueden actualizar a la versión fija también pueden configurar la variable de entorno `MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus` para solucionar este problema, o agregar la siguiente sección en el archivo ``application.yaml` ``` management: endpoints: web: exposure: include: health,metrics,prometheus ``` Este problema afecta a Apache DolphinScheduler: desde 3.0.0 antes de 3.0.2. Se recomienda a los usuarios actualizar a la versión 3.0.2, que soluciona el problema. • http://www.openwall.com/lists/oss-security/2023/11/24/1 https://lists.apache.org/thread/ffrmkcwgr2lcz0f5nnnyswhpn3fytsvo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-44303
https://notcve.org/view.php?id=CVE-2023-44303
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). • https://www.dell.com/support/kbdoc/en-us/000219712/dsa-2023-426-security-update-for-rvtools-vulnerabilities • CWE-310: Cryptographic Issues CWE-522: Insufficiently Protected Credentials •
CVE-2023-6505 – Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6505
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. El complemento Migrate WordPress Website & Backups de WordPress anterior a 1.9.3 no impide la lista de directorios en directorios confidenciales que contienen archivos de exportación. The Migrate WordPress Website & Backups – Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes. • https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-48333 – WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-48333
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce.This issue affects Booster for WooCommerce: from n/a through 7.1.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Pluggabl LLC Booster para WooCommerce. Este problema afecta a Booster para WooCommerce: desde n/a hasta 7.1.1. The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_atts() function in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order information. • https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-1-authenticated-arbitrary-order-information-disclosure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2021-39008 – IBM QRadar WinCollect Agent information disclosure
https://notcve.org/view.php?id=CVE-2021-39008
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551. IBM QRadar WinCollect Agent 10.0 a 10.1.7 podría permitir que un usuario privilegiado obtenga información confidencial debido a la falta de mejores prácticas. ID de IBM X-Force: 213551. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213551 https://www.ibm.com/support/pages/node/7081403 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •