7 matches found
github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: apko, crossplane-provider-azure-servicefabric, skaffold, consul, osv-scanner, gatekeeper-fips, mattermost-fips, cloudbeat-fips, crossplane-provider-azure-signalrservice, tekton-pipelines, seaweedfs-rocksdb-fips, kubescape-server, kaf, prometheus-operator,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: gitlab-kas, kyverno, openbao, chisel, neuvector-sigstore-interface, scorecard, gitlab-runner, fulcio, zarf, dagger, cilium, gomplate, k9s, cilium-cli, argo-cd, external-secrets-operator, grype, rancher, crossplane-provider-family-azure, zot, loki, fscrypt, tflint,...
Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs
How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...
CVE-2025-30390
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network...
Azure ML Compute Elevation of Privilege Vulnerability
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network...
Important: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update
The Migration Toolkit for Containers MTC 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...