Lucene search
K

32 matches found

CVE
CVE
added 2024/04/25 5:46 p.m.68 views

CVE-2024-3625

CVE-2024-3625 : The issue affects Quay where the Redis password/database credentials are stored in plain text in the mirror-registry on Jinja's config.yaml. The root cause is unencrypted storage of sensitive information in the config file, enabling a user with access to that file to gain access t...

7.3CVSS7.1AI score0.00339EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/04/10 9:22 p.m.20 views

CVE-2024-3625

A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance...

7.3CVSS7AI score0.00339EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/04/10 9:22 p.m.31 views

CVE-2024-3624

A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database...

7.3CVSS6.9AI score0.00339EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.7 views

PT-2024-3593 · Quay · Quay

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw in Quay's mirror-registry allows a malicious actor with access to the config.yaml file to gain unauthorized access to Quay's database. The issue is related to the storage of critical...

7.3CVSS7AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.5 views

PT-2024-3595 · Redis +2 · Redis +2

Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw in Quay's storage of its database in plain text within the mirror-registry on Jinja's config.yaml file poses a risk. This issue could allow a malicious actor with access to this file to...

7.3CVSS7.2AI score0.00339EPSS
Exploits0References5
n0where
n0where
added 2018/06/25 2:9 a.m.38 views

Search Secrets in Various File Types: DumpsterDiver

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys based on counting the entropy. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/06/06 2:7 p.m.27 views

DumpsterDiver - Tool To Search Secrets In Various Filetypes

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...

7.1AI score
Exploits0References1
NVD
NVD
added 2016/06/08 5:59 p.m.30 views

CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...

5.5CVSS5.3AI score0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/06/08 5:0 p.m.29 views

CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...

5.3AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/06/08 12:0 a.m.6 views

PT-2016-5025 · Red Hat · Red Hat Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Enterprise version 3.1 Description: The issue concerns a configuration file with world-readable permissions, allowing local users to access sensitive information, specifically Active Directory credentials, by reading the fil...

5.5CVSS5.3AI score0.0035EPSS
Exploits0References2
CNVD
CNVD
added 2016/05/13 12:0 a.m.5 views

Red Hat OpenShift Enterprise Information Disclosure Vulnerability

Red Hat OpenShift is a platform-as-a-service cloud computing platform that builds, tests, deploys and runs applications. The /etc/origin/master/master-config.yaml configuration file containing Active Directory certificates is globally readable in Red Hat OpenShift Enterprise, allowing a local...

5.5CVSS6.8AI score0.0035EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/05/11 1:32 p.m.8 views

openshift: Bind password for AD account is stored in world readable file

An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file...

5.5CVSS5.8AI score0.0035EPSS
Exploits0References4
Rows per page
Query Builder