12 matches found

EUVD
added 2026/06/19 12:31 a.m. | 9 views

EUVD-2026-37956

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

CVSS 5.1 | AI score 5.2 | EPSS 0.0017
Exploits 0 | References 2

ATTACKERKB
added 2026/06/18 9:19 p.m. | 8 views

CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

CVSS 5.1 | AI score 5.2 | EPSS 0.0017
Exploits 0 | References 2

CVE
added 2026/06/18 9:19 p.m. | 16 views

CVE-2026-8668

CVE-2026-8668 concerns Chef 360 prior to v1.7.0, where a static credential embedded in the product allowed unauthenticated access to internal message queues containing tenant-specific identifiers. The underlying issue is a hardcoded credential that enables access without authentication; later ver...

CVSS 5.1 | AI score 5.2 | EPSS 0.0017
Exploits 0 | References 1

Cvelist
added 2026/06/18 9:19 p.m. | 20 views

CVE-2026-8668 Hardcoded credentials in embedded content

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

CVSS 5.1 | EPSS 0.0017
Exploits 0 | References 1

Positive Technologies
added 2026/06/18 12:0 a.m. | 17 views

PT-2026-50804

Name of the Vulnerable Software and Affected Versions: Chef 360 versions prior to 1.7.0. Description: A static credential embedded in the software allows unauthenticated access to internal message queues. These queue messages contain tenant-specific identifiers. Recommendations: Update to version 1.7...

CVSS 5.1 | AI score 5.9 | EPSS 0.0017
Exploits 0 | References 3

Snyk
added 2026/04/09 7:10 p.m. | 5 views

Improper Validation of Specified Type of Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

CVSS 8.5 | AI score 6.2 | EPSS 0.00432
Exploits 0 | References 2

Snyk
added 2026/04/09 7:10 p.m. | 3 views

Improper Validation of Specified Type of Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

CVSS 8.5 | AI score 6.2 | EPSS 0.00432
Exploits 0 | References 2

Vulnrichment
added 2026/04/09 5:52 p.m. | 2 views

CVE-2026-5329 Rapid7 Velociraptor Improper Input Validation in Client Message Handler

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring...

CVSS 8.5 | AI score 6.6 | EPSS 0.00432
Exploits 0 | References 1

ATTACKERKB
added 2026/04/09 5:52 p.m. | 1 views

CVE-2026-5329

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring...

CVSS 8.5 | AI score 6.6 | EPSS 0.00432
Exploits 0 | References 2

CVE
added 2026/04/09 5:52 p.m. | 11 views

CVE-2026-5329

CVE-2026-5329 affects Rapid7 Velociraptor versions prior to 0.76.2. The vulnerability resides in the client monitoring message handler on the Velociraptor server (primarily Linux) and is caused by improper input validation of the queue name provided by the client. This can enable an authenticated...

CVSS 8.5 | AI score 6.6 | EPSS 0.00432
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/04/09 5:52 p.m. | 22 views

CVE-2026-5329 Rapid7 Velociraptor Improper Input Validation in Client Message Handler

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring...

CVSS 8.5 | EPSS 0.00432
Exploits 0 | References 1

Positive Technologies
added 2026/04/09 12:0 a.m. | 3 views

PT-2026-31678

Name of the Vulnerable Software and Affected Versions: Rapid7 Velociraptor versions prior to 0.76.2. Description: Rapid7 Velociraptor versions before 0.76.2 have an input validation issue in the client monitoring message handler on the Velociraptor server (primarily Linux). An authenticated remote...

CVSS 8.5 | AI score 6.5 | EPSS 0.00432
Exploits 0 | References 4