Rockset: Leaking Rockset API key on Github


News category: Vulnerabilities
Source: vulners.com


Summary:

We all know that Github is great, but it runs the risk of some credentials being revealed by mistake. In this case I found a Rockset API key. This API key is not in the current code, but it is visible in an old commit.

Steps To Reproduce:

You can find the leak in this link: https://github.com/rockset/recipes/pull/19/files

```
/ Getting the distance covered by each vehicle using the latest and oldest locations /
distance_for_vehicles AS (
SELECT
ST_DISTANCE(
@@ -128,7 +147,7 @@
'q4': query4
}
api_key = "skZMJRZSXLZZj5HAdBjNxUfZbarWV5dLqfVO6U623zW5KROzfY0vNRa22ToZfRRe"
```

Then I visited the documentation of Rockset ( https://docs.rockset.com/rest-api/ ) and I found this way to check if the API key is revoked or not:

```
curl --request GET \
  --url https://api.rs2.usw2.rockset.com/v1/orgs/self/users/self/apikeys \
  -H 'Authorization: ApiKey skZMJRZSXLZZj5HAdBjNxUfZbarWV5dLqfVO6U623zW5KROzfY0vNRa22ToZfRRe'
```

and I got this answer:

```
{"data":[{"created_at":"2019-10-22T06:08:37Z","name":"K1","key":"skZMJRZSXLZZj5HAdBjNxUfZbarWV5dLqfVO6U623zW5KROzfY0vNRa22ToZfRRe","last_access_time":null,"created_by":null}]}
```

So I could verify that it was not revoked.

Impact:

I just checked that the key was not revoked. I didn't try anything with the token to be prudent, and I don't know the real impact of this, but I think it is a good idea to share this with you, to avoid any risk that may grow.... ...
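Review bot: The `api_key = "..."` assignment under the `@@ -128,7 +147,7 @@` header commits a credential as a string literal. Load the key from an environment variable or a secrets store instead. Because the report shows the value is still readable in an old commit after it left the current code, deleting the line is not enough: revoke the key and issue a new one.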
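The case the report describes, a key that is gone from the current code but still visible in an old commit, is what a history scan is meant to catch. The following is an added example, not part of the original report or of Rockset's code: it parses `git log -p` output and reports secret-like assignments together with the commits that added and removed them. The sample log, the key value and the `ROCKSET_API_KEY` variable name are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed `git log -p --all` excerpt (newest commit first). The key value and
# the ROCKSET_API_KEY variable name are made up for this example.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
    read the key from the environment
--- a/app.py
+++ b/app.py
@@ -128,7 +128,7 @@
-api_key = "EXAMPLEq8Zt3LmV7xKc2Rp9WdYb5NhJs4Gf"
+api_key = os.environ["ROCKSET_API_KEY"]
commit 1111111111111111111111111111111111111111
    add query script
--- /dev/null
+++ b/app.py
@@ -0,0 +1,2 @@
+password = "xxxxxxxxxxxxxxxxxxxxxxxx"
+api_key = "EXAMPLEq8Zt3LmV7xKc2Rp9WdYb5NhJs4Gf"
"""

# name = "value" where the name looks like a credential and the value has 20+ key characters
ASSIGN = re.compile(r"""(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["']([\w+/=-]{20,})["']""")

def entropy(s):
    """Shannon entropy in bits per character; placeholders like 'xxxx' score 0."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_history(log_text, min_entropy=3.5):
    """Map each secret-like value to its file and the commits that added/removed it."""
    findings, commit, path = {}, None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith(("+", "-")) and not line.startswith(("+++", "---")):
            m = ASSIGN.search(line[1:])
            if m and entropy(m.group(2)) >= min_entropy:
                hit = findings.setdefault(m.group(2), {"path": path, "added_in": None, "removed_in": None})
                hit["added_in" if line[0] == "+" else "removed_in"] = commit
    return findings

def removed_but_in_history(findings):
    """Values deleted by a later commit: absent from HEAD, still readable in history."""
    return [secret for secret, hit in findings.items() if hit["removed_in"]]
```

On a real repository, pass the text of `git log -p --all` to `scan_history`; every value it returns should be revoked, whether or not a later commit removed it.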


