Lucene search
K

47 matches found

SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.6 views

SUSE CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle's agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out-of-scope containers for example, env=prod on the same agen...

9.9CVSS5.3AI score0.00385EPSS
Exploits1References3
OSV
OSV
added 2026/02/02 9:5 p.m.6 views

GO-2026-4380 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access in github.com/amir20/dozzle

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access in github.com/amir20/dozzle...

9.9CVSS5.2AI score0.00385EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.7 views

CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

9.9CVSS5.9AI score0.00385EPSS
Exploits1References1
NVD
NVD
added 2026/01/27 9:16 p.m.8 views

CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

9.9CVSS0.00385EPSS
Exploits1References3
OSV
OSV
added 2026/01/27 8:59 p.m.7 views

CVE-2026-24740 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

8.7CVSS5.9AI score0.00385EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/27 8:59 p.m.34 views

CVE-2026-24740 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

8.7CVSS0.00385EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/27 8:59 p.m.6 views

CVE-2026-24740 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

8.7CVSS5.9AI score0.00385EPSS
Exploits1References3
CVE
CVE
added 2026/01/27 8:59 p.m.20 views

CVE-2026-24740

CVE-2026-24740 affects Dozzle before v9.0.3, where a flaw in agent-backed shell endpoints lets a label-filtered user obtain an interactive root shell in out-of-scope containers on the same agent. A patch exists in v9.0.3; upgrade to 9.0.3+ or apply the vendor fix to remediate. Exploitation detail...

9.9CVSS5.9AI score0.00385EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/27 8:59 p.m.5 views

CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

8.7CVSS5.9AI score0.00385EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/01/27 12:55 a.m.8 views

GHSA-M855-R557-5RC5 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

8.7CVSS5.8AI score0.00385EPSS
Exploits1References5
Snyk
Snyk
added 2026/01/27 12:55 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the FindContainer function. An attacker can gain unauthorized interactive shell access to containers outside their permitted label scope by directly targeting container IDs through th...

9.9CVSS5.9AI score0.00385EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/01/27 12:55 a.m.19 views

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

9.9CVSS5.8AI score0.00385EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.7 views

Dozzle security vulnerability

Dozzle is a small, lightweight application developed by Amir Raminfar as an individual developer. Versions of Dozzle prior to 9.0.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the Shell endpoints supported by the proxy, which could allow users to obtain...

9.9CVSS5.8AI score0.00385EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.10 views

PT-2026-4859

Name of the Vulnerable Software and Affected Versions Dozzle versions prior to 9.0.3 Description A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters to obtain an interactive root shell in out‑of‑scope containers on the same agent host by directly targeting...

8.7CVSS5.9AI score0.00385EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2024-3150

Malicious code in bioql PyPI...

7.5CVSS7.9AI score0.00208EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.5 views

CVE-2024-47182

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...

7.5CVSS6.7AI score0.00208EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/11/02 3:50 a.m.2 views

SUSE CVE-2024-47182

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...

7.5CVSS6.8AI score0.00208EPSS
Exploits0References5
Veracode
Veracode
added 2024/10/15 8:13 a.m.7 views

Rainbow Table Attack

github.com/amir20/dozzle is vulnerable to Rainbow Table Attack. The vulnerability is due to the use of sha-256 for password hashing, which is less secure than bcrypt and allows an attacker to easily reverse hashed passwords using rainbow tables...

7.5CVSS6.8AI score0.00208EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/09 9:46 p.m.6 views

GHSA-W7QR-Q9FH-FJ35 Dozzle uses unsafe hash for passwords

Summary The app uses sha-256 as the hash for passwords. The app should switch to bcrypt. Details SHA-256 is a message digest hash, and not classified as secure for password hashing. Message digest hashes are designed to be fast, while password hashing mechanisms are designed with certain...

6.3CVSS6.3AI score0.00208EPSS
Exploits0References5
OSV
OSV
added 2024/10/09 8:29 p.m.16 views

GO-2024-3163 Dozzle uses unsafe hash for passwords in github.com/amir20/dozzle

Dozzle uses unsafe hash for passwords in github.com/amir20/dozzle. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References3
Rows per page
Query Builder