9260 matches found
CVE-2023-30516
CVE-2023-30516 affects Jenkins Image Tag Parameter Plugin. The 2.0 release improperly adds an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. As a result, job configurations that used Image Tag Parameters created before version 2.0 may have SSL/TLS certif...
[SECURITY] Fedora 37 Update: skopeo-1.11.2-1.fc37
Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...
PT-2023-2575 · Jenkins · Jenkins Image Tag Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Image Tag Parameter Plugin version 2.0 Description: The Jenkins Image Tag Parameter Plugin improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. This results in job...
Jenkins Plugin Image Tag Parameter Trust Management Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-1617)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploi...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-1618)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be...
PT-2023-2327 · Minikube · Minikube
Name of the Vulnerable Software and Affected Versions: minikube affected versions not specified Description: The issue is related to information disclosure in the minikube tool, which could allow a remote attacker to gain access to the container. Specifically, it exposes a network port in minikub...
The vulnerability of the data storage system based on Docker for APM monitoring in IBM Instana Observability allows an attacker to gain access to read or modify data.
The vulnerability of the Docker-based data storage solution for APM monitoring in IBM Instana Observability involves a lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker operating remotely to gain access to read or modify data...
NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0014)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2) +139 more potentially affected by CVE-2023-29005 via flask-appbuilder (>=1.10.0 <=4.1.4)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.6, =0.0.8 and more Source cves: CVE-2023-29005 Source advisory: OSV:GHSA-9HCR-9HCV-X6PV...
IBM Instana 243-0 Missing Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Exploit for Incorrect Authorization in Vmware Spring_Security
CVE-2022-22978 POC environment CVE-2022-22978 Spring-Security bypass Demo When RegexRequestMatcher is used in Spring Security and a rule contains a regular expression with a dot, an attacker can bypass authentication by constructing a malicious packet. Affected versions: Spring Security 5.5.x http://localhost:8080/admin/index%0a Docker docker pull s0cke3t/cve-2022-22978:latest...
Docker based datastores for IBM Instana 241-2 243-0 - No Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Exploit
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Denial Of Service (DoS)
docker is vulnerable to Denial of Service (DoS) attacks. The injection of arbitrary Ethernet frames allows remote attackers to enable denial of service attacks, such as establishing a UDP or TCP connection or smuggling packets into the overlay network...
Information Disclosure
docker is vulnerable to Information Disclosure. Encrypted overlay networks on affected platforms silently transmit unencrypted data, without any confidentiality or data integrity guarantees. This can lead to unexpected secrets or user data disclosure, as many database protocols, internal APIs, et...
Authorization Bypass
docker is vulnerable to Authorization Bypasses. Encrypted overlay networks can be used to inject arbitrary Ethernet frames into the network by encapsulating them in VXLAN datagrams...
Stored XSS via Markdown Comment
Description Register one account on blog, if account was activated, it can comment. We can comment with markdown. When another user clicks on the comment there may be an XSS alert. I git clone project and build with docker. Latest commit is: 07a1ded08eb4e0c6979f6aeebc35f3864ba250a7 Proof ...
Authentication Bypass
farmhaystack is vulnerable to Authentication Bypass. The vulnerability exists in docker-compose.yml due to the use of hard-coded, security-relevant constants which allows an attacker to make changes in the annotation process...
CVE-2023-1802
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and...