CNNVD-202508-115 Information
CNNVD ID
CNNVD-202508-115
Related CVE
- CNNVD Published: 2025-08-02
Description (Chinese)
Himmelblau是Himmelblau开源的一个 Azure Entra ID 身份验证模块。 Himmelblau 1.0.0之前版本存在日志信息泄露漏洞,该漏洞源于调试模式下泄露Intune服务访问令牌,可能导致信息泄露。
Description (English)
Himmelblau is an Azure Entra ID authentication module at the Himmelblau Open Source. The previous version of Himmelblau 1.0.0 had a leak in log information, which originated from the leaking of Intune service access tokens under debugging mode, which could lead to the leaking of information.
Hazard Level
Critical
Vulnerability Type
日志信息泄露
Affected Vendor
Himmelblau
Published
2025-08-02
Last Modified
2026-02-24
References
https://github.com/himmelblau-idm/himmelblau/commit/2d512bded90ac6a54fcdf737b43ff5d9d4cdb59e https://github.com/himmelblau-idm/himmelblau/releases/tag/1.1.0 https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-78qg-vmrw-574w https://access.redhat.com/security/cve/cve-2025-54781
Patch
https://github.com/himmelblau-idm/himmelblau/releases
Share on: