CVE-2023-3300 – Nomad Search API Leaks Information About CSI Plugins
https://notcve.org/view.php?id=CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1. • https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272 • CWE-266: Incorrect Privilege Assignment; CWE-862: Missing Authorization
CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access to functionality outside the user's permissions, or denial of service. • https://security.netapp.com/advisory/ntap-20230814-0008 https://spring.io/security/cve-2023-34034 https://access.redhat.com/security/cve/CVE-2023-34034 https://bugzilla.redhat.com/show_bug.cgi?id=2241271 • CWE-145: Improper Neutralization of Section Delimiters; CWE-281: Improper Preservation of Permissions
CVE-2023-26026 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26026
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs, which an attacker could use to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-26023 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26023
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs, which an attacker could use to conduct further attacks. IBM X-Force ID: 247896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 https://www.ibm.com/support/pages/node/6999351 • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-27877 – IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy on the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 https://www.ibm.com/support/pages/node/6999351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-287: Improper Authentication