CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1000060

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile7.99th
Published2018年2月9日
Last Modified2024年11月21日

Vulnerability Description

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.

Affected Platforms (CPE)

📦
Sensu

Sensu Core

< 1.2.1

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2018:0616
🔗 https://access.redhat.com/errata/RHSA-2018:1112
🔗 https://access.redhat.com/errata/RHSA-2018:1606
🔗 https://github.com/sensu/sensu/issues/1804
🔗 https://github.com/sensu/sensu/pull/1810
🔗 https://access.redhat.com/errata/RHSA-2018:0616
🔗 https://access.redhat.com/errata/RHSA-2018:1112
🔗 https://access.redhat.com/errata/RHSA-2018:1606

相關漏洞威脅

CVE-2018-10002098.8

Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platf...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...