CVE-2023-32078

CVE-2023-32078 : In Gravitl Netmaker (WireGuard-based networks), an insecure direct object reference (IDOR) vulnerability exists in the user update function that lets an attacker change another user’s password by providing a different username. Affected versions: before 0.17.1 and before 0.18.6. ...

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

CVE-2023-32077

Netmaker Vulnerability: Hardcoded DNS secret key allows unauthenticated users to interact with DNS API endpoints. Affects Netmaker builds prior to 0.17.1 and 0.18.6. Remediation per sources: upgrade to v0.17.1 (patched) or v0.18.6+ (fixed). If on 0.17.1, run docker pull gravitl/netmaker:v0.17.1 a...

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

PT-2023-23589

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description An Insecure Direct Object Reference IDOR vulnerability was found in the user update function, allowing an attacker to update another user's password by...

PT-2023-23590

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in...

MGASA-2023-0245 Updated docker-containerd packages fix security vulnerability

Memory leak. CVE-2022-23471 Denial of service with maliciously crafted image with a large file CVE-2023-25153 Security bypass due to improper supplementary group handling. CVE-2023-25173...

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...

Dell Cyber Recovery < 19.11.0.2 Authentication Bypass (DSA-2022-196)

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote, unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images...

Docker and Kubernetes, we have got you covered: Wiz simplifies compliance and security posture management for Docker and Kubernetes environments.

Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights...

H2 Web Interface Create Alias RCE

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability

Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting XSS...

GHSA-V9RW-HJR3-426H Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability

Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting XSS...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

Cross site scripting

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

CVE-2023-40350

Summary : CVE-2023-40350 affects Jenkins Docker Swarm Plugin ≤ 1.11. The vulnerability arises because the plugin does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, enabling stored XSS when attackers can influence Docker responses. Public adviso...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...