kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

Authorization Bypass

openshift-ansible is vulnerable to authorization bypass. The vulnerability exists as dockergc service account incorrectly associated with namespace during upgrade...

FreeBSD : expat2 -- Fix extraction of namespace prefixes from XML names (c5bd8a25-99a6-11e9-a598-f079596b62f9)

expat project reports : XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

expat2 -- Fix extraction of namespace prefixes from XML names

expat project reports: Fix heap overflow triggered by XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber, and deny internal entities closing the doctype...

Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

GitLab CE/EE Information Disclosure Vulnerability (CNVD-2019-32226)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. An...

UBUNTU-CVE-2019-6789

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure issue 4 of 6. In some cases, users without project permissions will receive emails after a project move. For private projects, this wi...

CVE-2019-11545

An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue...

GitLab: Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests

I've found a three minor vulnerabilities which, when combined, allow an attacker to copy private repositories, confidential issues, private snippets, and then some. I'll go through the code path to explain the vulnerabilities and how they are combined. See the Proof of Concept section if you want...

DEBIAN-CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

Design/Logic Flaw

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVE-2019-11247 Kubernetes kube-apiserver allows access to custom resources via wrong scope

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

Design/Logic Flaw

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inetcsklistenstop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue...

PT-2019-16753 · Red Hat · Atomic-Openshift

Name of the Vulnerable Software and Affected Versions: atomic-openshift versions 3.6 through 4.1 Description: A flaw in the garbage collection mechanism allows an attacker to spoof the UUID of a valid object from another namespace, enabling them to delete children of those objects. Recommendation...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2019:1364-2)

This update for systemd fixes the following issues : Security issues fixed : CVE-2019-3842: Fixed a privilege escalation in pamsystemd which could be exploited by a local user bsc1132348. CVE-2019-6454: Fixed a denial of service via crafted D-Bus message bsc1125352. CVE-2019-3843, CVE-2019-3844:...

Security update for helm (moderate)

openSUSE Security Update: Security update for helm Announcement ID: openSUSE-SU-2019:1703-1 Rating: moderate References: 1118897 1118898 1118899 Cross-References: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes thr...

Fedora 30 : expat (2019-18868e1715)

This update includes a fix for a security vulnerability, CVE2018-20843 : Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for...

CVE-2019-10639

CVE-2019-10639 affects Linux kernel 4.x (from 4.1) and 5.x prior to 5.0.8, enabling remote information exposure by deriving a KASLR kernel image offset from IP ID values for UDP/ICMP traffic. An attacker could force traffic to attacker-controlled IPs to obtain hashing key information and expose t...