59 matches found
CVE-2025-32445
CVE-2025-32445 is tied to Argo Events. A user with permission to create/modify EventSource and Sensor CRs can cause the orchestrated pod to run with elevated/privileged capabilities by manipulating fields in spec.template and spec.template.container (including command, args, securityContext, volu...
Argo Events Security Vulnerability
Argo Events is an event-driven workflow automation framework for Kubernetes, open-sourced by the Argo Project. A security vulnerability exists in versions prior to Argo Events v1.9.6: a user with permission to create or modify EventSource and Sensor can gain privileged access to the...
Privilege Chaining
Overview: Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. Details: The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customiz...
GHSA-HMP7-X699-CVHQ Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. Details: The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customiz...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to improper removal of sensitive information before storage or transfer in the console (CVE-2022-1650)
Summary: EventSource is used by IBM Storage Fusion Data Foundation in the console as part of data metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1650. Vulnerability Details: CVEID: CVE-2022-1650 DESCRIPTION: EventSourc...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
Summary: In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1. Vulnerability Details: CVEID: CVE-2022-21724 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC could allow a remote authenticated attack...
Security Bulletin: NPM GitHub EventSource improper removal of sensitive information (CVE-2022-1650)
Summary: NPM GitHub EventSource is used by the Dashboard within IBM Storage Ceph. IBM Ceph Storage is vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource. CVE-2022-1650. Vulnerability Details: CVEID: CVE-2022-1650 DESCRIPTIO...
Ubuntu: Security Advisory (USN-6082-1)
The remote host is missing an update for the...
USN-6082-1 node-eventsource vulnerability
It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information...
USN-6082-1: EventSource vulnerability
It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : EventSource vulnerability (USN-6082-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6082-1 advisory. It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into...
Debian: Security Advisory (DLA-3235-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3235-1] node-eventsource security update
Debian LTS Advisory DLA-3235-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 11, 2022 https://wiki.debian.org/LTS Package : node-eventsource Version : 0.2.1-1+deb10u1 CVE ID : CVE-2022-1650 Timothee Desurmont discovered an information leak vulnerability ...
Debian dla-3235 : node-eventsource - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3235 advisory. Debian LTS Advisory DLA-3235-1 [email protected] https://www.debian.org/lts/security/...
DLA-3235-1 node-eventsource - security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update
An update is now available for Red Hat Openshift distributed tracing 2.6.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
eventsource: Exposure of Sensitive Information
A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website...