CVE-2024-20491 – Cisco Nexus Dashboard Insights Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20491
A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. ... A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc •
CVE-2024-20490 – Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20490
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. ... A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndhs-idv-Bk8VqEDc •
CVE-2024-20448 – Cisco Nexus Dashboard Fabric Controller Credential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-20448
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. ... A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-cidv-XvyX2wLj •
CVE-2024-45408 – eLabFTW contains a direct and indirect information disclosure
https://notcve.org/view.php?id=CVE-2024-45408
An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. • https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5 • CWE-284: Improper Access Control •
CVE-2024-45792 – MantisBT vulnerable to information disclosure with user profiles
https://notcve.org/view.php?id=CVE-2024-45792
Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41 https://mantisbt.org/bugs/view.php?id=34640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •