28 matches found
EUVD-2021-7144
Malicious code in bioql PyPI...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: crossplane, kargo, ko, step-ca, restic, velero, flux-kustomize-controller, wal-g, falcosidekick, grafana-agent-operator, terragrunt, splunk-otel-collector, cluster-autoscaler, kots, promxy, xeol, crossplane-provider-azure-storage, external-secrets-operator, step,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: nodetaint, pulumi, falcoctl, crossplane-provider-aws-lambda, k9s, rclone, buildkitd, prometheus-node-exporter, protoc-gen-go-grpc, secrets-store-csi-driver, ipfs, spark-operator, hugo-extended, cfssl, kyverno-policy-reporter, crossplane-provider-aws-firehose,...
AAD Pod Identity obtaining token with backslash
...
New attack vectors in EKS
We explore how advancements in EKS Access Entries and Pod Identity have opened new attack vectors and offer examples of how adversaries could exploit them...
New EKS Access Management and Pod Identity features: a security analysis
The Wiz research team unpacks the security implications of the new EKS access and identity management features and recommends best practices when using them...
CVE-2022-23551
A flaw was found in aad-pod-identity. This issue could allow an attacker to obtain a token when a request is made that includes a backslash, bypassing proper validation and completing the request...
Information Disclosure
github.com/Azure/aad-pod-identity is vulnerable to information disclosure. The vulnerability exists because server.go does not properly handle invalid token requests, allowing an attacker to bypass the NMI validation and send the token to IMDS in the cluster through the token request made with...
CVE-2022-23551
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
AZL-34277 CVE-2022-23551 affecting package nmi for versions less than 1.8.17-1
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
Cross-site request forgery (CSRF)
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
CVE-2022-23551
CVE-2022-23551 concerns AAD Pod Identity: the NMI component could bypass validation for token requests containing a backslash (example /metadata/identity\oauth2\token/), potentially enabling a pod to access identities it should not have. The bug arises from NMI’s regex-based validation and is add...
AAD Pod Identity obtaining token with backslash
Impact: The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with a backslash in the request (example: /metadata/identity\oauth2\token/) would bypass the NMI validation and be...
GHSA-P82Q-RXPM-HJPC AAD Pod Identity obtaining token with backslash
Impact: The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with a backslash in the request (example: /metadata/identity\oauth2\token/) would bypass the NMI validation and be...
PT-2022-7109 · Microsoft · Aad Pod Identity
Name of the Vulnerable Software and Affected Versions: AAD Pod Identity versions prior to 1.8.13. Description: The issue is related to the NMI component in AAD Pod Identity, which intercepts and validates token requests based on regex. A token request made with a backslash in the request, for...
AAD Pod Identity security vulnerability
Microsoft AAD Pod Identity is Microsoft's tool for assigning Azure Active Directory identities to Kubernetes applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...
Improper Restriction of Security Token Assignment
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...