
CVSS: 7.8 • EPSS: 0% • CPEs: 60 • EXPL: 0

05 Aug 2019 — CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to their config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-522: Insufficiently Protected Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jun 2017 — New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. • https://blog.seanmcelroy.com/2017/05/26/sql-injection-with-new-relic-patched • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 Jan 2014 — The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. • http://openwall.com/lists/oss-security/2014/01/08/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 19 • EXPL: 0

09 Apr 2013 — Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data. • http://seclists.org/oss-sec/2013/q1/304 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor