CVE-2024-31493
MEDIUMDescription
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortisoar |
References
Frequently Asked Questions
What is CVE-2024-31493? +
How severe is CVE-2024-31493? +
What products are affected by CVE-2024-31493? +
How do I check if I'm vulnerable to CVE-2024-31493? +
Related Vulnerabilities
Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions …
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used …
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to …
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or …
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service confidentiality.