CVE-2026-30928

High CVSS: 8.7

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT signing keys, and SSL key passwords. This vulnerability is fixed in 4.5.1.

Vendor

Nicolargo

Product

Glances

CWE

CWE-200

Yayın Tarihi

2026-03-10 18:18:52

Güncelleme

2026-03-17 16:20:29

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Glances HIGH Nicolargo 2026

Referanslar

https://github.com/nicolargo/glances/commit/306a7136154ba5c1531489c99f8306d84eae37da https://github.com/nicolargo/glances/releases/tag/v4.5.1 https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6

Benzer Kayıtlar

High

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic config…

High

CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (act…

High

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glance…

High

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL inject…

Medium

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the…

Critical

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/…