UPX Buffer Error Vulnerability
UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX that stems from the presence of a segmentation error. An attacker could exploit the vulnerability to cause a denial of service by accessing a memory address using a specially crafted input file...
Design/Logic Flaw
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506
CVE-2022-23506 affects Spinnaker’s Rosco microservice. Prior to versions 1.29.2, 1.28.4, and 1.27.3, Rosco did not properly mask secrets generated during Packer builds, which could expose AWS credentials in log files. The issue is mitigated in 1.29.2, 1.28.4, and 1.27.3+ fixes. A workaround recom...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposur...
PT-2023-12722 · Spinnaker +2 · Spinnaker +2
Name of the Vulnerable Software and Affected Versions: Spinnaker's Rosco microservice versions prior to 1.29.2, 1.28.4, and 1.27.3 Description: Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine...
AZL-40841 CVE-2022-3064 affecting package packer for versions less than 1.9.5-1
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
AZL-11115 CVE-2022-42717 affecting package packer for versions less than 1.8.7-1
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
Design/Logic Flaw
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
UBUNTU-CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
Hashicorp Packer Security Vulnerability
Hashicorp Packer is a free and open source tool from the US company HashiCorp. It is used to create gold images for multiple platforms from a single source configuration. A security vulnerability exists in Hashicorp Packer versions prior to 2.3.1, which stems from the fact that the...
CVE-2022-42717
CVE-2022-42717 affects Hashicorp Packer prior to 2.3.1. The issue is an insecure sudoers configuration for Vagrant on Linux, where a host configured per the documentation permits non-privileged users to exploit a wildcard in sudoers to execute commands as root. The data in connected sources confi...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
PT-2022-26517 · Hashicorp · Hashicorp Packer +1
Name of the Vulnerable Software and Affected Versions: Hashicorp Packer versions prior to 2.3.1 Description: An issue was discovered in the recommended sudoers configuration for Vagrant on Linux, which is insecure. Non-privileged users on the host can leverage a wildcard in the sudoers...