32 matches found
CVE-2024-3625
CVE-2024-3625 : The issue affects Quay where the Redis password/database credentials are stored in plain text in the mirror-registry on Jinja's config.yaml. The root cause is unencrypted storage of sensitive information in the config file, enabling a user with access to that file to gain access t...
CVE-2024-3625
A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance...
CVE-2024-3624
A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database...
PT-2024-3593 · Quay · Quay
Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw in Quay's mirror-registry allows a malicious actor with access to the config.yaml file to gain unauthorized access to Quay's database. The issue is related to the storage of critical...
PT-2024-3595 · Redis +2 · Redis +2
Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw in Quay's storage of its database in plain text within the mirror-registry on Jinja's config.yaml file poses a risk. This issue could allow a malicious actor with access to this file to...
Search Secrets in Various File Types: DumpsterDiver
DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys based on counting the entropy. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file...
DumpsterDiver - Tool To Search Secrets In Various Filetypes
DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...
CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...
CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...
PT-2016-5025 · Red Hat · Red Hat Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.1 Description: The issue concerns a configuration file with world-readable permissions, allowing local users to access sensitive information, specifically Active Directory credentials, by reading the fil...
Red Hat OpenShift Enterprise Information Disclosure Vulnerability
Red Hat OpenShift is a platform-as-a-service cloud computing platform that builds, tests, deploys and runs applications. The /etc/origin/master/master-config.yaml configuration file containing Active Directory certificates is globally readable in Red Hat OpenShift Enterprise, allowing a local...
openshift: Bind password for AD account is stored in world readable file
An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file...