Lucene search
K

86 matches found

CNNVD
CNNVD
added 2024/10/16 12:0 a.m.6 views

Rancher 安全漏洞

Rancher is an open source container management platform from the US-based Rancher Open Source, built for organizations deploying containers in production environments. A security vulnerability exists in Rancher versions prior to 2.7.14 and prior to 2.8.5, which stems from a failure to automatical...

8.8CVSS6.6AI score0.00585EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/26 1:34 p.m.18 views

CVE-2024-7128 Openshift-console: unauthenticated data exposure

A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler and authHandlerWithUser middleware functions. When the default authentication provider "openShiftAuth" is set, these functions do not perform any authentication checks, relying instead on the...

5.3CVSS0.00414EPSS
Exploits0References5
OSV
OSV
added 2024/06/28 3:28 p.m.20 views

GO-2024-2931 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

8.8CVSS8.6AI score0.00585EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/06/18 3:4 a.m.3 views

SUSE CVE-2023-22650

A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user's...

8.8CVSS6.8AI score0.00585EPSS
Exploits0References4
OSV
OSV
added 2024/06/17 10:30 p.m.17 views

GHSA-9GHH-MMCQ-8PHC Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the...

8.8CVSS8.8AI score0.00585EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/06/17 10:30 p.m.27 views

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider AP. This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the...

8.8CVSS6.8AI score0.00585EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.8 views

PT-2024-11972

Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.7.14 Rancher versions prior to 2.8.5 Description A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider. This...

8.8CVSS6.8AI score0.00585EPSS
Exploits0References14
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 1:37 a.m.29 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-51437 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2023-51437 DESCRIPTION: Apache Pulsar could allow a remote attacker to bypass security restrictions, caused...

7.4CVSS7.4AI score0.00763EPSS
Exploits0Affected Software1
Prion
Prion
added 2024/02/14 9:15 p.m.15 views

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers CAS, SAML, OIDC to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...

4CVSS7.1AI score0.00477EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/02/07 12:30 p.m.41 views

Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

7.4CVSS7AI score0.00763EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2023/08/17 9:19 p.m.11 views

CVE-2023-40171 Dispatch writes JWT tokens in error message

Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the Dispatch Plugin - Basic Authentication Provider plugin encounters an error when attempting to decode a JWT token. Any Dispatch users...

9.1CVSS7.5AI score0.00758EPSS
Exploits1References6
Veracode
Veracode
added 2023/01/27 5:28 a.m.10 views

Session Fixation

github.com/rancher/rancher is vulnerable to Session Fixation. The vulnerability exists because the library does not properly revoke the generated token after modification is made to the authentication provider, allowing an attacker to retain access to Rancher and the kubectl cluster...

3.8AI score
Exploits0
NVD
NVD
added 2022/12/13 8:15 a.m.43 views

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

7.5CVSS0.00751EPSS
Exploits0References1
NVD
NVD
added 2022/10/12 9:15 p.m.35 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

8.1CVSS0.03025EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.48 views

Dotnetnuke 6.0.x < 9.11.0 Multiple Vulnerabilities (09.11.00)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 9.11.0. It is, therefore, affected by multiple vulnerabilities. - A third-party dependency, Moment.js, published security updates to their library. Fixes for the Issue DNN Platfor...

6.3AI score
Exploits0
OSV
OSV
added 2022/09/08 1:15 a.m.4 views

CVE-2022-37146

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...

5.3CVSS5.8AI score0.00709EPSS
Exploits0References2
OSV
OSV
added 2022/09/08 1:15 a.m.6 views

CVE-2022-37145

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an...

7.5CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2022/09/08 1:15 a.m.26 views

CVE-2022-37146

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...

5.3CVSS0.00709EPSS
Exploits0References1
Prion
Prion
added 2022/09/08 1:15 a.m.21 views

Authentication flaw

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...

5CVSS5.5AI score0.00709EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/08 12:28 a.m.29 views

CVE-2022-37146

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider ta...

5.8AI score0.00709EPSS
Exploits0References1
Rows per page
Query Builder