Erudika Para
cpe:2.3:a:erudika:para:*:*:*:*:*:*:*
- < 1.50.8
A vulnerability in Para, a multitenant backend server/framework for object persistence and retrieval, allows access and secret keys to be logged without redaction in versions prior to 1.50.8. This unredacted logging occurs during the server initialization process and exposes sensitive credentials, which are later reused in variable assignments for persistence, even though logging them is not necessary for debugging or system health monitoring. The issue has been addressed in version 1.50.8.
Access and secret keys are exposed in logs, creating a risk of unauthorized access to or manipulation of persistent data.
Users can upgrade to Para version 1.50.8 to address this vulnerability.