{"vulnerability": "CVE-2023-46255", "sightings": [{"uuid": "efcf0e15-0dca-417c-83ed-7a64c5fff714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46255", "type": "seen", "source": "https://t.me/cibsecurity/73251", "content": "\u203c CVE-2023-46255 \u203c\n\nSpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0 patches this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T19:22:14.000000Z"}]}