CVE-2024-27179

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-1295
View all →

Vulnerability Description

Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.

Related Vulnerabilities

CVE-2024-11217

MEDIUM
CVSS:4.9(Medium)

A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

CWE-12952024

CVE-2021-25476

MEDIUM
CVSS:4.4(Medium)

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CWE-12952021

CVE-2022-34364

MEDIUM
CVSS:4.4(Medium)

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged...

CWE-12952022

CVE-2023-28077

MEDIUM
CVSS:4.4(Medium)

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locall...

CWE-12952023

CVE-2021-31412

MEDIUM
CVSS:5.3(Medium)

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), ...

CWE-12952021

CVE-2025-20643

MEDIUM
CVSS:5.7(Medium)

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has...

CWE-12952025