6 matches found
EUVD-2024-0290
Malicious code in bioql PyPI...
EUVD-2024-0236
Malicious code in bioql PyPI...
CVE-2023-46739
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS...
CVE-2023-30512
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret...
CVE-2023-46739 Timing attack can leak user passwords
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS...
CubeFS Security Vulnerability
CubeFS is a cloud-native file storage for CubeFS individual developers. A security vulnerability exists in CubeFS versions prior to 3.3.1 that stems from improper handling of incoming HTTP requests. An attacker can exploit the vulnerability to control the amount of memory allocated by an ObjectNo...