CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46125 – Fides Information Disclosure Vulnerability in Config API Endpoint
https://notcve.org/view.php?id=CVE-2023-46125
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers’ addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. • https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06 https://github.com/ethyca/fides/releases/tag/2.22.1 https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38485
https://notcve.org/view.php?id=CVE-2022-38485
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. • https://citadelo.com/download/CVE-2022-38485.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33837 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2023-33837
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. IBM Security Verify Governance 10.0 no cifra información confidencial o crítica antes del almacenamiento o la transmisión. ID de IBM X-Force: 256020. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256020 https://www.ibm.com/support/pages/node/7057377 • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22466 – IBM Security Verify Governance information disclosure
https://notcve.org/view.php?id=CVE-2022-22466
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. IBM Security Verify Governance 10.0 contiene credenciales codificadas, como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 225222. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225222 https://www.ibm.com/support/pages/node/7057377 • CWE-798: Use of Hard-coded Credentials •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2023-35685 – PowerVR Out-Of-Bounds Access / Information Leak
https://notcve.org/view.php?id=CVE-2023-35685
PowerVR suffers from a multitude of memory management bugs including out-of-bounds access and information leakage. •