
9 matches found

Github Security Blog
added 2026/05/21 8:44 p.m., 9 views

@hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies

Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some admin-equivalent policy paths could pass policy evaluation. Patched in 1.3.2: the validator inspects the affected policy shapes and includes...

AI score: 5.8
Exploits: 0, References: 2, Affected software: 1
OSV
added 2026/05/21 8:44 p.m., 2 views

GHSA-4XRH-5M3M-328W @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies

Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some admin-equivalent policy paths could pass policy evaluation. Patched in 1.3.2: the validator inspects the affected policy shapes and includes...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2
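The two @hulumi/policies entries above concern the CIS 1.16 guardrail (no IAM policy that grants full administrative privileges) and a validator that did not fully inspect inline and attached policy evidence. The following Go program is an added example written for this page, not code from @hulumi/policies or any other project, and shows what complete inspection looks like: it parses IAM policy documents in both JSON shapes the format allows (Action, Resource and Statement may each be a single value or an array), applies the admin-equivalent test to every statement, and walks both the inline documents on a principal and the documents behind its attached policy ARNs, treating an attached policy whose document cannot be found as an error rather than a silent pass. The principal name, policy ARNs and documents are constructed; treating "*:*" the same as "*" is an assumption borrowed from common scanner practice, not something the advisory states.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"sort"
)

// oneOrMany decodes a JSON value that IAM lets be a single item or an array into
// dst, a pointer to a slice. Action, Resource and Statement all use this shape.
func oneOrMany(b []byte, dst interface{}) error {
	t := bytes.TrimSpace(b)
	if len(t) > 0 && t[0] == '[' {
		return json.Unmarshal(t, dst)
	}
	return json.Unmarshal(append(append([]byte{'['}, t...), ']'), dst)
}

type stringOrList []string

func (s *stringOrList) UnmarshalJSON(b []byte) error { return oneOrMany(b, (*[]string)(s)) }

type statement struct {
	Effect   string       `json:"Effect"`
	Action   stringOrList `json:"Action"`
	Resource stringOrList `json:"Resource"`
}

type statementList []statement

func (l *statementList) UnmarshalJSON(b []byte) error { return oneOrMany(b, (*[]statement)(l)) }

// isAdminEquivalent is the CIS 1.16 condition: an Allow statement with Action
// "*" (or the "*:*" spelling scanners commonly treat the same) on Resource "*".
func isAdminEquivalent(st statement) bool {
	allActions, allResources := false, false
	for _, a := range st.Action {
		allActions = allActions || a == "*" || a == "*:*"
	}
	for _, r := range st.Resource {
		allResources = allResources || r == "*"
	}
	return st.Effect == "Allow" && allActions && allResources
}

// principal is the evidence for one IAM role or user: inline documents embedded
// on it, plus the ARNs of the managed policies attached to it.
type principal struct {
	Name           string
	InlinePolicies map[string]string // policy name -> JSON document
	AttachedArns   []string
}

// findAdminPolicies inspects every inline document and the document behind
// every attached ARN (looked up in managed). An attached policy whose document
// is unavailable is an error, not a pass, so missing evidence cannot hide a grant.
func findAdminPolicies(p principal, managed map[string]string) ([]string, error) {
	var findings []string
	inspect := func(label, doc string) error {
		var pd struct{ Statement statementList `json:"Statement"` }
		if err := json.Unmarshal([]byte(doc), &pd); err != nil {
			return fmt.Errorf("%s: %w", label, err)
		}
		for i, st := range pd.Statement {
			if isAdminEquivalent(st) {
				findings = append(findings, fmt.Sprintf("%s: %s statement[%d] allows all actions on all resources", p.Name, label, i))
			}
		}
		return nil
	}
	for name, doc := range p.InlinePolicies {
		if err := inspect("inline "+name, doc); err != nil {
			return nil, err
		}
	}
	for _, arn := range p.AttachedArns {
		doc, ok := managed[arn]
		if !ok {
			return nil, fmt.Errorf("attached policy %s: no document available to inspect", arn)
		}
		if err := inspect("attached "+arn, doc); err != nil {
			return nil, err
		}
	}
	sort.Strings(findings) // map iteration order is random; keep output stable
	return findings, nil
}

// sampleEvidence is constructed demo input, not data from any real account.
func sampleEvidence() (principal, map[string]string) {
	managed := map[string]string{
		"arn:aws:iam::aws:policy/AdministratorAccess": `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"*","Resource":"*"}]}`,
		"arn:aws:iam::123456789012:policy/ReadLogs":   `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":["logs:Get*","logs:Describe*"],"Resource":"*"}}`,
	}
	p := principal{
		Name:           "role/ci-deployer",
		InlinePolicies: map[string]string{"break-glass": `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":["*:*"],"Resource":"*"}}`},
		AttachedArns:   []string{"arn:aws:iam::aws:policy/AdministratorAccess", "arn:aws:iam::123456789012:policy/ReadLogs"},
	}
	return p, managed
}

func main() {
	findings, err := findAdminPolicies(sampleEvidence())
	fmt.Println(findings, err)
}
```

Run with `go run .`; the sample principal yields two findings, one from the inline document (whose Statement is a single object, not an array) and one from the attached AdministratorAccess policy, while the ReadLogs policy passes. Both the single-object and the array shape must be handled, or a guardrail reports a pass on evidence it never actually read.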
OSV
added 2026/03/27 7:07 a.m., 1 view

BIT-MINIO-2026-33322 MinIO: JWT Algorithm Confusion in OIDC Authentication

MinIO is a high-performance object storage system. From 2022.11.08 to before 2026.03.17, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00034
Exploits: 0, References: 2
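The MinIO entry above describes JWT algorithm confusion in OIDC authentication: an attacker who knows the client secret can forge identity tokens. The mechanism behind that class of bug, shown here in an added Go example that is not MinIO code and does not reproduce MinIO's actual verification path, is a verifier that lets the token's own alg header decide which key is used. OIDC allows ID tokens to be HMAC-signed with the client secret as the key, so a verifier configured for the identity provider's RS256 key that still honors an HS256 header can be satisfied by anyone holding that secret. The program implements minimal HS256 and RS256 compact JWS signing and verification with the standard library, expresses key selection as a table from alg to key, and compares a table that trusts the header with one pinned to the configured algorithm. The key pair, client secret and claims are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// encode builds the base64url "header.payload" string that gets signed.
func encode(alg string, claims map[string]interface{}) string {
	h, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	p, _ := json.Marshal(claims)
	return base64.RawURLEncoding.EncodeToString(h) + "." + base64.RawURLEncoding.EncodeToString(p)
}

// signHS256 mints a token from nothing but the shared OIDC client secret.
func signHS256(secret []byte, claims map[string]interface{}) string {
	in := encode("HS256", claims)
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(in))
	return in + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// signRS256 is what the identity provider does with its private key.
func signRS256(priv *rsa.PrivateKey, claims map[string]interface{}) (string, error) {
	in := encode("RS256", claims)
	d := sha256.Sum256([]byte(in))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil {
		return "", err
	}
	return in + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// keysByAlg is a verification policy: which key, if any, may check a token that
// claims a given alg. The table's contents are the whole difference between the
// confused and the pinned verifier set up in demo.
func keysByAlg(table map[string]interface{}) func(string) interface{} {
	return func(alg string) interface{} { return table[alg] }
}

// verify checks a compact JWS signature under the given key policy.
func verify(token string, keyFor func(alg string) interface{}) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token")
	}
	hb, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil {
		return fmt.Errorf("bad base64url segment")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(hb, &hdr); err != nil {
		return err
	}
	input := []byte(parts[0] + "." + parts[1]) // exactly the bytes that were signed
	switch key := keyFor(hdr.Alg).(type) {
	case *rsa.PublicKey: // RS256
		d := sha256.Sum256(input)
		return rsa.VerifyPKCS1v15(key, crypto.SHA256, d[:], sig)
	case []byte: // HS256
		m := hmac.New(sha256.New, key)
		m.Write(input)
		if !hmac.Equal(m.Sum(nil), sig) {
			return fmt.Errorf("bad HMAC")
		}
		return nil
	}
	return fmt.Errorf("alg %q not accepted", hdr.Alg)
}

// demo runs a forged HS256 token through both policies and a genuine RS256
// token through the pinned one. Key pair, secret and claims are constructed.
func demo() (forgedConfused, forgedPinned, genuinePinned bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	secret := []byte("constructed-oidc-client-secret")
	claims := map[string]interface{}{"sub": "attacker", "policy": "consoleAdmin"}
	// Confused: the token's alg selects the key. OIDC permits HMAC keyed with the
	// client secret, so the HS256 row is legitimate; letting the token rather
	// than the IdP configuration pick the row is the bug.
	confused := keysByAlg(map[string]interface{}{"RS256": &priv.PublicKey, "HS256": secret})
	// Pinned: only the algorithm configured for this IdP, never the client secret.
	pinned := keysByAlg(map[string]interface{}{"RS256": &priv.PublicKey})
	genuine, err := signRS256(priv, claims)
	if err != nil {
		return
	}
	forgedConfused = verify(signHS256(secret, claims), confused) == nil
	forgedPinned = verify(signHS256(secret, claims), pinned) == nil
	genuinePinned = verify(genuine, pinned) == nil
	return
}

func main() {
	fmt.Println(demo())
}
```

`go run .` prints `true false true <nil>`: the forged token passes the confused verifier, fails the pinned one, and the genuine RS256 token still passes the pinned one. The fix is a configuration decision (which algorithms and keys this IdP may use) enforced before any signature is checked, not a signature check that is stronger per algorithm.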
Cisco
added 2025/11/13 4:00 p.m., 8 views

Cisco Catalyst Center Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker...

CVSS: 4.3, AI score: 7, EPSS: 0.00048
Exploits: 0, References: 1
Prion
added 2023/03/14 7:15 p.m., 17 views

Design/Logic Flaw

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

CVSS: 4.7, AI score: 6.5, EPSS: 0.00319
Exploits: 1, References: 2, Affected software: 1
OSV
added 2023/03/14 6:22 p.m., 17 views

CVE-2023-27589 Minio vulnerable to denial of access by an admin privileged user for root credential

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00319
Exploits: 1, References: 4
NVD
added 2020/02/21 10:15 p.m., 9 views

CVE-2020-9329

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition...

CVSS: 5.9, AI score: 5.7, EPSS: 0.00266
Exploits: 1, References: 1
Prion
added 2020/02/21 10:15 p.m., 16 views

Race condition

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00266
Exploits: 1, References: 1, Affected software: 1
CVE
added 2020/02/21 9:58 p.m., 142 views

CVE-2020-9329

Gogs (Go Git Service) up to version 0.11.91 is affected by a race condition in internal/db/repo.go that allows an attacker to bypass the admin-defined repository-creation policy. The vulnerability enables creation of repositories beyond the configured limits, leveraging a race condition. Exploita...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00266
Exploits: 1, References: 1, Affected software: 1
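The three CVE-2020-9329 entries above describe a race condition in Gogs repository creation that lets a user exceed the admin-defined creation policy. The shape behind that class of bug is check-then-act: the current count is read, compared with the limit, and the new row inserted, with nothing holding the two steps together, so several concurrent requests all see a count below the limit. The following Go program is an added example written for this page, not Gogs code (the snippets name internal/db/repo.go; nothing here is taken from it): an in-memory store standing in for the repositories table, the racy create beside a version that holds the lock across check and insert, and a driver that fires parallel attempts. The store, owner name, repository names and limit are constructed for the demo, and the gate that parks every caller between the two steps is a demo device to make the losing interleaving deterministic rather than a matter of scheduling luck.

```go
package main

import (
	"fmt"
	"sync"
)

// repoStore stands in for the repositories table. Each operation is consistent
// on its own; the problem is the gap between two of them.
type repoStore struct {
	mu    sync.Mutex
	repos map[string][]string // owner -> repository names
}

func newRepoStore() *repoStore {
	return &repoStore{repos: map[string][]string{}}
}

func (s *repoStore) count(owner string) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.repos[owner])
}

func (s *repoStore) insert(owner, name string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.repos[owner] = append(s.repos[owner], name)
}

// createRacy is the check-then-act shape: read the count, compare it with the
// admin-set limit, then insert. Nothing stops another request from passing the
// check between those steps. The optional gate parks every caller between the
// check and the insert, which is the interleaving parallel requests bet on.
func createRacy(s *repoStore, owner, name string, limit int, gate *sync.WaitGroup) error {
	allowed := s.count(owner) < limit
	if gate != nil {
		gate.Done()
		gate.Wait()
	}
	if !allowed {
		return fmt.Errorf("%s: repository limit %d reached", owner, limit)
	}
	s.insert(owner, name)
	return nil
}

// createLocked holds the lock across check and insert, so the count a request
// compares against cannot change before its row is written. In SQL the same
// effect needs the SELECT and INSERT inside one transaction with a row lock,
// or a conditional INSERT the database itself enforces.
func (s *repoStore) createLocked(owner, name string, limit int) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if len(s.repos[owner]) >= limit {
		return fmt.Errorf("%s: repository limit %d reached", owner, limit)
	}
	s.repos[owner] = append(s.repos[owner], name)
	return nil
}

// runParallel fires n concurrent creation attempts for one owner against a
// fresh store and returns how many repositories that owner ends up with.
func runParallel(n, limit int, locked bool) int {
	s := newRepoStore()
	var gate, done sync.WaitGroup
	gate.Add(n)
	done.Add(n)
	for i := 0; i < n; i++ {
		go func(i int) {
			defer done.Done()
			name := fmt.Sprintf("repo-%d", i)
			if locked {
				_ = s.createLocked("alice", name, limit)
			} else {
				_ = createRacy(s, "alice", name, limit, &gate)
			}
		}(i)
	}
	done.Wait()
	return s.count("alice")
}

func main() {
	fmt.Println("racy:  ", runParallel(8, 2, false)) // 8 repositories against a limit of 2
	fmt.Println("locked:", runParallel(8, 2, true))  // 2
}
```

The racy path lands all eight repositories because every goroutine reads a count of zero before any of them inserts; the locked path stops at the limit. Detecting this class of bug in review means looking for a read that feeds a decision and a write that depends on it, with no lock, transaction or database constraint spanning both.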