Lucene search
K

102 matches found

CNNVD
CNNVD
added 2022/12/21 12:0 a.m.6 views

AAD Pod Identity 安全漏洞

Microsoft AAD Pod Identity is Microsoft's Assigning Azure Active Directory Identities to Kubernetes Applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...

5.3CVSS5.7AI score0.00709EPSS
Exploits0References4
OSV
OSV
added 2022/05/14 1:58 a.m.28 views

GHSA-XJMJ-P278-4JP5 OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

4.3CVSS6.1AI score0.01938EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/14 1:58 a.m.37 views

OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

4.3CVSS6.2AI score0.01938EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2022/05/14 12:56 a.m.2 views

Information Exposure

Overview facter is a library for collecting and displaying system facts Affected versions of this package are vulnerable to Information Exposure that allows local users to obtain sensitive Amazon EC2 IAM instance metadata. Remediation Upgrade facter to version 2.4.1 or higher. References - GitHub...

4CVSS6.5AI score0.00353EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.15 views

Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)

Binary data enumerateociwin.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/10/14 12:0 a.m.133 views

Oracle Cloud Infrastructure Instance Metadata Enumeration (Linux / Unix)

The remote host is an OCI Oracle Cloud Infrastructure instance for which metadata could be retrieved. TRUSTED...

5.5AI score
Exploits0References1
seebug.org
seebug.org
added 2021/05/13 12:0 a.m.129 views

Microsoft Azure Virtual Machine信息泄露漏洞(CVE-2021-27075)

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...

2.7CVSS0.1AI score0.01343EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2021/01/26 12:0 a.m.13 views

The vulnerability of Microsoft Azure Kubernetes operating system allows a hacker to gain unauthorized access to protected information.

The vulnerability of Microsoft Azure Kubernetes operating system-related to Windows is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially crafted IMDS request...

5.5CVSS5.9AI score0.01133EPSS
Exploits0References3Affected Software1
NCSC
NCSC
added 2021/01/12 12:0 a.m.7 views

Vulnerability fixed in Microsoft Azure Active Directory Pod Identity

There is a vulnerability in Azure Active Directory AAD Pod Identity. The vulnerability allows a malicious person to impersonate another user. The AAD pod identity allows users to assign identities to pods in Kubernetes clusters by querying them with regular Azure Instance Metadata Services IMDS...

5.5CVSS6.5AI score0.01133EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/12 12:0 a.m.9 views

PT-2021-1676 · Microsoft · Azure Active Directory

Name of the Vulnerable Software and Affected Versions: Azure Active Directory affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Azure Active Directory Pod Identity service. It may allow an attacker to gain unauthorized access to...

5.5CVSS6.6AI score0.01133EPSS
Exploits0References7
Hacker One
Hacker One
added 2020/05/17 7:47 a.m.106 views

Topcoder: SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature

Summary: Topcoder makes use of Amazons AWS in their web application environment. I noticed a feature that allows a user to subscribe and receive emails from Topcoder. This feature is vulnerable to server side request forgery since it allows a user to supply an arbitrary URL which the application...

0.5AI score
Exploits0
myhack58
myhack58
added 2017/06/28 12:0 a.m.366 views

The AWS metadata service SSRF vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword Recently I was busy with a small project, to study how the Docker container executing untrusted Python code. According to the project requirements, I need to test more online code execution engine, research them on the various attacks of the reaction. In the research process, I foun...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/04/03 12:0 a.m.19 views

Microsoft Azure Instance Metadata Enumeration (Unix)

Binary data enumeratemsazurevmnix.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/04/03 12:0 a.m.19 views

Microsoft Azure Instance Metadata Enumeration (Windows)

Binary data enumeratemsazurevmwin.nbin...

7.3AI score
Exploits0References1
Metasploit
Metasploit
added 2016/09/30 1:35 p.m.34 views

Gather AWS EC2 Instance Metadata

This module will attempt to connect to the AWS EC2 instance metadata service and crawl and collect all metadata known about the session'd host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

7AI score
Exploits0
OSV
OSV
added 2015/02/23 5:59 p.m.8 views

CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1CVSS6AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2015/02/23 5:59 p.m.13 views

CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1CVSS6.1AI score0.00353EPSS
Exploits0References1
Prion
Prion
added 2015/02/23 5:59 p.m.15 views

Code injection

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1CVSS6.7AI score0.00353EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2015/02/10 12:0 a.m.20 views

Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

2.1CVSS6.6AI score0.00353EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2014/07/24 5:21 p.m.5 views

openstack-nova: timing attack issue allows access to other instances' configuration information

A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...

4.3CVSS5.7AI score0.01938EPSS
Exploits0References4
Rows per page
Query Builder