102 matches found
AAD Pod Identity 安全漏洞
Microsoft AAD Pod Identity is Microsoft's Assigning Azure Active Directory Identities to Kubernetes Applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...
GHSA-XJMJ-P278-4JP5 OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
Information Exposure
Overview facter is a library for collecting and displaying system facts Affected versions of this package are vulnerable to Information Exposure that allows local users to obtain sensitive Amazon EC2 IAM instance metadata. Remediation Upgrade facter to version 2.4.1 or higher. References - GitHub...
Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Binary data enumerateociwin.nbin...
Oracle Cloud Infrastructure Instance Metadata Enumeration (Linux / Unix)
The remote host is an OCI Oracle Cloud Infrastructure instance for which metadata could be retrieved. TRUSTED...
Microsoft Azure Virtual Machine信息泄露漏洞(CVE-2021-27075)
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...
The vulnerability of Microsoft Azure Kubernetes operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of Microsoft Azure Kubernetes operating system-related to Windows is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially crafted IMDS request...
Vulnerability fixed in Microsoft Azure Active Directory Pod Identity
There is a vulnerability in Azure Active Directory AAD Pod Identity. The vulnerability allows a malicious person to impersonate another user. The AAD pod identity allows users to assign identities to pods in Kubernetes clusters by querying them with regular Azure Instance Metadata Services IMDS...
PT-2021-1676 · Microsoft · Azure Active Directory
Name of the Vulnerable Software and Affected Versions: Azure Active Directory affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Azure Active Directory Pod Identity service. It may allow an attacker to gain unauthorized access to...
Topcoder: SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature
Summary: Topcoder makes use of Amazons AWS in their web application environment. I noticed a feature that allows a user to subscribe and receive emails from Topcoder. This feature is vulnerable to server side request forgery since it allows a user to supply an arbitrary URL which the application...
The AWS metadata service SSRF vulnerability analysis-vulnerability warning-the black bar safety net
One, Foreword Recently I was busy with a small project, to study how the Docker container executing untrusted Python code. According to the project requirements, I need to test more online code execution engine, research them on the various attacks of the reaction. In the research process, I foun...
Microsoft Azure Instance Metadata Enumeration (Unix)
Binary data enumeratemsazurevmnix.nbin...
Microsoft Azure Instance Metadata Enumeration (Windows)
Binary data enumeratemsazurevmwin.nbin...
Gather AWS EC2 Instance Metadata
This module will attempt to connect to the AWS EC2 instance metadata service and crawl and collect all metadata known about the session'd host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
CVE-2015-1426
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
CVE-2015-1426
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
Code injection
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
openstack-nova: timing attack issue allows access to other instances' configuration information
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...