Vulnerabilities in SteeltoeOSS
8 results

CVE-2024-40636 | MEDIUM | Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with Peer Awareness | EPSS 0.4%
CVE-2026-50196 | HIGH | Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch | EPSS 0.3%
CVE-2026-50202 | MEDIUM | Steeltoe's static JWKS cache shared across schemes and never invalidated | EPSS 0.3%
CVE-2026-50194 | HIGH | Steeltoe vulnerable to management-port isolation bypass via spoofed Host header | EPSS 0.2%
CVE-2026-50201 | MEDIUM | Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission | EPSS 0.2%
CVE-2026-50200 | HIGH | Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords | EPSS 0.2%
CVE-2026-50267 | MEDIUM | Steeltoe: TLS private keys written to /tmp with default permissions, never deleted | EPSS 0.1%
CVE-2026-50268 | LOW | Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding | EPSS 0.0%