Para Server Logs Sensitive Information

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

通过日志文件的信息暴露

para 日志信息泄露漏洞

para是Erudika开源的一个多租户后端服务器，用于快速构建web和移动应用程序。 para 1.50.8之前版本存在日志信息泄露漏洞，该漏洞源于日志中未脱敏访问密钥和秘密密钥，可能导致凭据泄露。

N/A

N/A