
9255 matches found

CVE
added 2021/08/31 1:50 p.m. · 87 views

CVE-2021-21681

Jenkins Nomad Plugin prior to version 0.7.5 stores Docker registry credentials in plaintext in the global config.xml on the Jenkins controller, exposing them to any user with file-system access. This CVE (CVE-2021-21681) affects 0.7.4 and earlier. Root cause is unencrypted storage of passwords in...

5.5 CVSS · 5.7 AI score · 0.003 EPSS
Exploits 0 · References 2 · Affected Software 1

GithubExploit
added 2021/08/31 4:32 a.m. · 101 views

Exploit for Path Traversal in Tar_Project Tar

CVE-2021-32804 yamory blog "CVE-2021-32804: also affects npm, node-ta...

8.2 CVSS · 8.1 AI score · 0.15014 EPSS
Exploits 1

Positive Technologies
added 2021/08/31 12:0 a.m. · 5 views

PT-2021-14724 · Jenkins · Jenkins Nomad Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin versions 0.7.4 and earlier Description: The issue allows Docker passwords to be stored unencrypted in the global config.xml file on the Jenkins controller. These passwords can be viewed by users with access to the Jenkins...

5.5 CVSS · 5.4 AI score · 0.003 EPSS
Exploits 0 · References 8

OSV
added 2021/08/30 4:16 p.m. · 13 views

GHSA-9JJR-QQFP-PPWX remote code execution via git repo provider

Impact A remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes...

9.6 CVSS · 10 AI score · 0.01928 EPSS
Exploits 0 · References 6

Kitploit
added 2021/08/30 12:30 p.m. · 89 views

Speakeasy - Windows Kernel And User Mode Emulation

Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Check out the overview in the first Speakeasy blog post. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific...

7.1 AI score
Exploits 0 · References 7

Kitploit
added 2021/08/27 9:30 p.m. · 43 views

Ctf-Screenshotter - A CTF Web Challenge About Making Screenshots

A CTF web challenge about making screenshots. It is inspired by a bug found in real life. The challenge was created by @LiveOverflow for https://cscg.de/. Watch the video writeup here: https://www.youtube.com/watch?v=FCjMoPpOPYI Run the challenge To run the challenge you have to install...

7.1 AI score
Exploits 0 · References 2

vulnersOsv
added 2021/08/25 8:43 p.m. · 3 views

async_docker (>=0.1.0 <=0.1.1), cargo (>=0.4.0 <=0.8.0) +11 more potentially affected by CVE-2018-20990 via tar (>=0.2.14 <=0.3.4)

tar CARGO version =0.2.14, =0.1.0, =0.4.0, =0.3.1, =0.1.0, =0.3.0, =0.2.0, =0.2.0, =0.2.1, =0.0.1, =0.0.9 - wormhole =0.1.0 Source cves: CVE-2018-20990 Source advisory: OSV:GHSA-2367-C296-3MP2...

7.5 CVSS · 7 AI score · 0.01676 EPSS
Exploits 0

NVD
added 2021/08/25 7:15 p.m. · 9 views

CVE-2021-39159

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input...

9.8 CVSS · 0.01928 EPSS
Exploits 0 · References 2

OSV
added 2021/08/25 7:15 p.m. · 14 views

CVE-2021-39159

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input...

9.8 CVSS · 8 AI score
Exploits 0 · References 2

OSV
added 2021/08/25 7:15 p.m. · 3 views

PYSEC-2021-371

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input...

9.8 CVSS · 8.9 AI score · 0.01928 EPSS
Exploits 0 · References 2

Cvelist
added 2021/08/25 6:20 p.m. · 17 views

CVE-2021-39159 Remote code execution in Binderhub

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input...

9.6 CVSS · 10 AI score · 0.01928 EPSS
Exploits 0 · References 2

RedHat Linux
added 2021/08/25 3:20 p.m. · 57 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11.z security and bug fix update

Red Hat OpenShift Container Platform release 3.11.z is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

5.5 CVSS · 6.7 AI score · 0.00457 EPSS
Exploits 0 · References 9

RedHat Linux
added 2021/08/25 3:20 p.m. · 3 views

kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4

A flaw was found in kubernetes. In Kubernetes, if the logging level is set to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like...

5.5 CVSS · 7.3 AI score · 0.00457 EPSS
Exploits 0 · References 6

CNNVD
added 2021/08/25 12:0 a.m. · 3 views

BinderHub operating system command injection vulnerability

BinderHub is a kubernetes-based cloud service that allows users to share replicable interactive computing environments from a codebase. BinderHub suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute code in the BinderHub context a...

9.8 CVSS · 8.7 AI score · 0.01928 EPSS
Exploits 0 · References 4

Positive Technologies
added 2021/08/25 12:0 a.m. · 6 views

PT-2021-4499 · Binderhub · Binderhub

Name of the Vulnerable Software and Affected Versions: BinderHub versions prior to 0.2.0-n653 Description: A remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potenti...

10 CVSS · 9.7 AI score · 0.01928 EPSS
Exploits 0 · References 11

GithubExploit
added 2021/08/24 4:38 a.m. · 82 views

Exploit for Code Injection in Elastic Kibana

CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain...

10 CVSS · 8.6 AI score · 0.95338 EPSS
Exploits 12

Snyk
added 2021/08/23 10:28 a.m. · 2 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. Steps to Reproduce 1...

9.3 CVSS · 7.4 AI score · 0.01824 EPSS
Exploits 1 · References 2

vulnersOsv
added 2021/08/23 10:28 a.m. · 9 views

@aeternity/aeproject (>=3.0.4 <=3.0.5), @berlinvege/fedockerjs (>=1.0.4 <=1.0.5) +95 more potentially affected by CVE-2021-23732 via docker-cli-js (>=1.0.9 <=2.9.0)

docker-cli-js NPM version =1.0.9, =3.0.4, =1.0.4, =0.0.10, =1.0.0, =0.0.1, =0.0.1, =1.0.710, =0.1.0, =3.0.28, =3.0.29, =0.0.1, =0.8.6, =1.0.0, =1.0.2 and more Source cves: CVE-2021-23732 Source advisory: SNYK:JS-DOCKERCLIJS-1568516...

9.3 CVSS · 7.2 AI score · 0.01824 EPSS
Exploits 1

Gitee
added 2021/08/18 9:28 p.m. · 3 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including Docker, Git, and Oracle Java. The repository is maintained by phith0n and is licensed under the MIT...

6.9 AI score
Exploits 0

Kitploit
added 2021/08/17 9:30 p.m. · 61 views

SGXRay - Automating Vulnerability Detection for SGX Apps

Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. Using such a hardware-based security mechanism requires a strict programming model on memory usage, with complex APIs in and out of the enclave boundary. Enclave developers are...

7.7 AI score
Exploits 0 · References 6