CDK

This is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help escape container and takeover K8s cluster easily. The toolkit i...

CVE-2021-37742

app/View/Elements/GalaxyClusters/viewrelationtree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships...

Cross site scripting

app/View/Elements/GalaxyClusters/viewrelationtree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships...

CVE-2021-37742

Summary: CVE-2021-37742 affects MISP 2.4.147 with a Stored XSS in the view file app/View/Elements/GalaxyClusters/view_relation_tree.ctp when viewing galaxy cluster relationships. The issue originates from that view template; exploitation could occur in the user’s browser when rendering the affect...

CVE-2021-37534

The CVE-2021-37534 entry concerns MISP 2.4.146 where a Stored XSS flaw exists in app/View/GalaxyClusters/add.ctp when forking a galaxy cluster. Affected component is the Galaxy Clusters feature; the root cause is an XSS condition that can allow injected script to run in a victim's browser. Impact...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. MISP suffers from a cross-site scripting vulnerability that stems from...

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...

Windows Container Malware Targets Kubernetes

Windows containers have been victimized for over a year by the first known malware to target Windows containers. The ongoing campaign pierces Kubernetes clusters so as to plant backdoors, allowing attackers to steal data and user credentials, or even hijack an entire databases hosted in a cluster...

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed "Siloscope," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher...

CVE-2020-1716

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...

Fedora: Security Advisory for slurm (FEDORA-2021-335cd3eab7)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for slurm (FEDORA-2021-f75a803ff3)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack

We have found and confirmed close to 50,000 IPs compromised by this attack perpetrated by TeamTNT across multiple clusters. Several IPs were repeatedly exploited during the timeframe of the episode, occurring between March and May...

[SECURITY] Fedora 33 Update: slurm-20.11.7-1.fc33

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...

[SECURITY] Fedora 34 Update: slurm-20.11.7-1.fc34

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...

GHSA-XHG2-RVM8-W2JH Rancher Vulnerable to Cross-site Request Forgery (CSRF)

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

Rancher Vulnerable to Cross-site Request Forgery (CSRF)

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

GHSA-PMQP-H87C-MR78 XML Entity Expansion and Improper Input Validation in Kubernetes API server

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

Red-Kube - Red Team K8S Adversary Emulation Based On Kubectl

Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective. The commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster. The commands...

Man-in-the-middle (MitM)

github.com/hashicorp/vault is vulnerable to man-in-the-middle attack. The vulnerability exists due to missing hostnames validation when TLS is used to connect to Cassandra clusters...