759 matches found

Vulnrichment
added 2024/11/29 6:15 p.m. · 19 views

CVE-2024-52003 X-Forwarded-Prefix Header still allows for Open Redirect in traefik

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...

CVSS 6.3 · AI score 6.8 · EPSS 0.00389
Exploits 0 · References 4
CVE
added 2024/11/29 6:15 p.m. · 2412 views

CVE-2024-52003

CVE-2024-52003 – Traefik: Traefik versions 2.11.14 and 3.2.1 fix a vulnerability where an attacker can inject the untrusted X-Forwarded-Prefix header. The issue, as described, arises from the header handling by the HTTP reverse proxy/load balancer, enabling an external source to influence reques...

CVSS 6.3 · AI score 6.5 · EPSS 0.00389
Exploits 0 · References 4 · Affected Software 1
Tenable Nessus
added 2024/11/24 12:00 a.m. · 16 views

RHEL 8 : haproxy (RHSA-2024:9945)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9945 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: untrimm...

CVSS 8.2 · AI score 6.8 · EPSS 0.01526
Exploits 0 · References 5
CVE
added 2024/11/21 5:14 p.m. · 65 views

CVE-2024-52307

CVE-2024-52307 affects the open-source identity provider authentik. A non-constant time comparison on the per-tenant/endpoint path "/-/metrics/" enables brute-forcing the SECRET_KEY used to authenticate that endpoint. The metrics endpoint serves Prometheus data and is not intended for public acce...

CVSS 6.3 · AI score 6.6 · EPSS 0.00531
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/11/21 5:14 p.m. · 12 views

CVE-2024-52307 authentik allows a timing attack due to missing constant time comparison for metrics view

authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRET_KEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...

CVSS 6.3 · AI score 6.5 · EPSS 0.00531
Exploits 0 · References 2
RedHat Linux
added 2024/11/19 12:50 a.m. · 22 views

Moderate: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.2 · AI score 6.7 · EPSS 0.01526
Exploits 0 · References 2
Tenable Nessus
added 2024/11/06 12:00 a.m. · 13 views

RHEL 8 : haproxy (RHSA-2024:8874)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:8874 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: untrimm...

CVSS 8.2 · AI score 6.8 · EPSS 0.01526
Exploits 0 · References 5
RedHat Linux
added 2024/11/05 1:26 a.m. · 33 views

Moderate: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVSS 8.2 · AI score 6.7 · EPSS 0.01526
Exploits 0 · References 2
RedHat Linux
added 2024/11/05 1:22 a.m. · 6 views

kernel: gso: do not skip outer ip header in case of ipip and net_failover

In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and net_failover. We encountered a TCP drop issue in our cloud environment. A packet GROed in the host is forwarded to a VM virtio_net NIC with net_failover enabled. The VM acts as an IPVS LB with ipip...

AI score 6.8
Exploits 0 · References 5
AlmaLinux
added 2024/11/05 12:00 a.m. · 15 views

Moderate: haproxy security update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539). For more details about the security issues, including th...

CVSS 8.2 · AI score 6.8 · EPSS 0.01526
Exploits 0 · References 4
OSV
added 2024/10/28 3:20 p.m. · 14 views

GO-2024-3212 AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller

AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...

AI score 7
Exploits 0 · References 4
OSV
added 2024/10/24 7:04 p.m. · 9 views

GHSA-RJFV-PJVX-MJGV AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers

Summary: The AWS Load Balancer Controller includes an optional, default-enabled feature that manages WAF WebACLs on Application Load Balancers (ALBs) on your behalf. In versions 2.8.1 and earlier, if the WebACL annotation (alb.ingress.kubernetes.io/wafv2-acl-arn or...

AI score 6.8
Exploits 0 · References 6
Github Security Blog
added 2024/10/24 7:04 p.m. · 10 views

AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers

Summary: The AWS Load Balancer Controller includes an optional, default-enabled feature that manages WAF WebACLs on Application Load Balancers (ALBs) on your behalf. In versions 2.8.1 and earlier, if the WebACL annotation (alb.ingress.kubernetes.io/wafv2-acl-arn or...

AI score 6.8
Exploits 0 · References 6 · Affected Software 1
NVD
added 2024/10/22 12:15 a.m. · 27 views

CVE-2024-10125

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo (https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature) contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET...

CVSS 7.5 · EPSS 0.00319
Exploits 0 · References 2
CVE
added 2024/10/21 11:25 p.m. · 87 views

CVE-2024-10125

CVE-2024-10125 concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore middleware used with ALB OpenID Connect in ASP.NET Core deployments. The root cause is that JWT handling performs signature validation but fails to validate the JWT issuer and signer identity, enabling a signed token f...

CVSS 7.5 · AI score 7.6 · EPSS 0.00319
Exploits 0 · References 2
Cvelist
added 2024/10/21 11:25 p.m. · 36 views

CVE-2024-10125 Lack of JWT issuer and signer validation

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo (https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature) contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET...

CVSS 7.5 · EPSS 0.00319
Exploits 0 · References 2
CNNVD
added 2024/10/21 12:00 a.m. · 6 views

Amazon.ApplicationLoadBalancer.Identity.AspNetCore Security Vulnerability

Amazon.ApplicationLoadBalancer.Identity.AspNetCore is an open source load balancer for Amazon Web Services. A security vulnerability exists in Amazon.ApplicationLoadBalancer.Identity.AspNetCore that stems from an inability to verify the identity of the JWT issuer and signer in the JWT processing...

CVSS 7.5 · AI score 6.7 · EPSS 0.00319
Exploits 0 · References 3
CNNVD
added 2024/10/21 12:00 a.m. · 3 views

AWS ALB Route Directive Adapter For Istio Security Vulnerability

AWS ALB Route Directive Adapter For Istio is an open-source project by Amazon Web Services. A security vulnerability exists in AWS ALB Route Directive Adapter For Istio v1.0 and v1.1 that stems from the use of a JWT for authentication that lacks proper signer and...

CVSS 7.5 · AI score 8.2 · EPSS 0.00358
Exploits 0 · References 3
Positive Technologies
added 2024/10/21 12:00 a.m. · 5 views

PT-2024-39308 · Amazon +1 · Aws Alb Route Directive Adapter For Istio +1

Name of the Vulnerable Software and Affected Versions: AWS ALB Route Directive Adapter For Istio (affected versions not specified). Description: The issue concerns a lack of proper signer and issuer validation in the JWT authentication mechanism used by the AWS ALB Route Directive Adapter For Istio...

CVSS 9.9 · AI score 6.5 · EPSS 0.97781
Exploits 21 · References 136
Atlassian
added 2024/09/27 12:21 a.m. · 22 views

Allow HTTP Strict Transport Security (HSTS) to be configured in Bamboo 10

Issue Summary: This is reproducible on Data Center: yes. Up until Bamboo 9.6, HTTP Strict Transport Security (https://tools.ietf.org/html/rfc6797) was configurable in Bamboo by following the steps outlined in this KB article: How do I enable HSTS and other HTTP Security Headers in Bamboo Data...

AI score 7.2
Exploits 0