140 matches found
MAL-2024-9232 Malicious code in ens-metadata-service (npm)
Source: ghsa-malware (2081a78185962d36398bd09a1f7f68d7724d64666f2c33343bf15011892e8a93). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-29037
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of tim...
CVE-2024-29037 Default secret use for initial deployment
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of tim...
CVE-2024-29037
Summary: CVE-2024-29037 affects datahub-helm helm charts used to deploy Datahub on Kubernetes. Affected versions: 0.1.143 through 0.2.181. Root cause: misconfigurations in the helm chart led to a default, static secret key being used to generate personal access tokens during a limited deployment ...
Customize Deployments with Akamai's Metadata Service
...
USN-6519-2 ec2-hibinit-agent update
USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...
PT-2023-36321 · Canonical · Ubuntu 20.04 LTS +1
Name of the Vulnerable Software and Affected Versions: hibagent versions on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Description: The issue concerns the use of an insecure protocol by IMDSv1, which is no longer recommended. To address this, the hibagent package has been updated to add IMDSv2 support...
Virtuozzo Hybrid Infrastructure 5.4 Update 4 Hotfix 1 (5.4.4-119)
This update provides important stability fixes for the core storage, object storage, and compute services. Vulnerability id: VSTOR-74982. Fixed the customization of S3 URLs with CNAME records. Vulnerability id: VSTOR-75137, VSTOR-75225. Fixed storage and metadata service issues related to incorrect...
New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0
The Center for Internet Security (CIS) recently released version two of their AWS Benchmark. CIS AWS Benchmark 2.0.0 brings two new recommendations and eliminates one from the previous version. The update also includes some minor formatting changes to certain recommendation descriptions. In this...
CVE-2023-25559
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...
Authorization
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...
CVE-2023-25559 System account impersonation in DataHub
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backends retrieve...
PT-2023-20156
Name of the Vulnerable Software and Affected Versions: DataHub (affected versions not specified). Description: The issue concerns the Metadata service (GMS) in DataHub, where the X-DataHub-Actor HTTP header is used to infer the user on whose behalf the frontend is sending a request. The header's name is...
AAD Pod Identity security vulnerability
Microsoft AAD Pod Identity is a Microsoft project for assigning Azure Active Directory identities to Kubernetes applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...
GHSA-R8GM-V65F-C973 acryl-datahub missing JWT signature check
Missing JWT signature check (GHSL-2022-078). The StatelessTokenService of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...
CVE-2022-39366
DataHub is an open-source metadata platform. Prior to version 0.8.45, the StatelessTokenService of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This...
Authentication flaw
DataHub is an open-source metadata platform. Prior to version 0.8.45, the StatelessTokenService of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This...