📦 Fides
by Ethyca
🛡️ Security Overview
⚠️ Known Vulnerabilities
This CVE describes a Server-Side Template Injection vulnerability in the Fides privacy platform's Email Templating feature. It allows privileged users (Owners or Contributors) to execute arbitrary code on...
This vulnerability allows attackers to bypass rate limiting protections in Fides privacy engineering platform deployments that rely on its built-in IP-based rate limiting. It affects environments usin...
This vulnerability in the Fides privacy platform allows attackers to predict one-time verification codes due to weak random number generation. Attackers can submit verified data erasure requests to de...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the Fides privacy engineering platform. Attackers can upload malicious YAML files in custom integrations to make arbitrary requ...
This vulnerability allows authenticated, highly-privileged users to bypass the sandbox environment in the Fides webserver API and execute arbitrary code with root privileges. It affects Fides versions 2.1...
CVE-2023-36827 is a path traversal vulnerability in the Fides privacy engineering platform that allows remote attackers to read arbitrary files on the webserver container's filesystem. This affects Fides ...
The Fides Admin UI login endpoint lacks specific anti-automation controls, allowing attackers to conduct credential testing attacks like brute-force, credential stuffing, or password spraying. This affect...
This vulnerability allows unauthenticated attackers to determine valid usernames in the Fides privacy platform by measuring timing differences in authentication responses. Attackers can use this informati...