
4 matches found

CVE
added 2024/09/06 3:17 p.m., 45 views

CVE-2024-8509

CVE-2024-8509 affects Red Hat Migration Toolkit for Virtualization via the Forklift Controller component. The issue arises because Forklift Controller does not properly validate the Authorization header beyond requiring bearer authentication; without a token...

CVSS 7.5, AI score 7.5, EPSS 0.00075
Exploits: 0, References: 3
RedhatCVE
added 2024/09/06 1:16 p.m., 10 views

CVE-2024-8509

A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response wi...

CVSS 7.5, AI score 7.4, EPSS 0.00075
Exploits: 0, References: 3
OSV
added 2024/03/06 10:52 a.m., 12 views

BIT-ARGO-CD-2020-11576

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid non-SSO accounts because /api/v1/session returned 401 for an existing username and 404 otherwise...

CVSS 5.3, AI score 5, EPSS 0.00247
Exploits: 0, References: 3
Hacker One
added 2021/09/24 9:19 p.m., 19 views

Kubernetes: Tokenless GUI Authentication

Report Submission Form Summary: A person has the ability to bypass the login screen using the 401 error code produced from a failed token login. The user is given the privileges of a system:anonymous user. Kubernetes Version: kubectl, kubeadm, kubelet 1.22.2 Ubuntu 20.04.3 - 64bit Component...

AI score 7.4
Exploits: 0