CVE-2022-39292

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-1258
View all →

Vulnerability Description

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs.

Related Vulnerabilities

CVE-2024-36912

HIGH
CVSS:8.1(High)

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encr...

CWE-12582024

CVE-2024-36913

HIGH
CVSS:8.1(High)

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory...

CWE-12582024

CVE-2023-48308

MEDIUM
CVSS:6.5(Medium)

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is rec...

CWE-12582023

CVE-2024-36912

HIGH
CVSS:8.1(High)

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encr...

CWE-12582024

CVE-2024-36913

HIGH
CVSS:8.1(High)

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory...

CWE-12582024

CVE-2023-48308

MEDIUM
CVSS:6.5(Medium)

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is rec...

CWE-12582023