496 matches found
kubernetes input validation error vulnerability
Kubernetes is an open source Docker container cluster management system from the American Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scale-up and scale-down for containerized applications. kubernetes has a security vulnerability that c...
Privilege Escalation
openshift is vulnerable to privilege escalation. The vulnerability exists due to incorrectly included additional certificates which allows pods to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA...
[SECURITY] Fedora 33 Update: podman-3.2.3-2.fc33
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)
The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability in multiple parameters. PoC 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject...
Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)
The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability in multiple parameters. 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XS...
CVE-2021-3636
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificate...
Code injection
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificate...
CVE-2021-24339
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...
CVE-2021-24338
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...
Cross site scripting
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...
Cross site scripting
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...
CVE-2021-24339 Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...
CVE-2021-24339
CVE-2021-24339 Identified in the Pods – Custom Content Types and Fields WordPress plugin prior to 2.7.27. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) in the Menu Label field parameter. Impact and exploitability details in the provided references align to an XSS risk th...
CVE-2021-24338
The Pods – Custom Content Types and Fields WordPress plugin is affected: versions before 2.7.27 have an Authenticated Stored Cross-Site Scripting (XSS) vulnerability in the Singular Label field parameter caused by insufficient input validation. This is an authenticated vulnerability (requires use...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, which stems...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, whi...
Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances
Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...
PT-2021-9718 · Red Hat · Openshift Container Platform
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform affected versions not specified Description: A flaw in the Restricted Security Context Constraints SCC allows pods to craft custom network packets, enabling an attacker to cause a denial of service attack on a...
MDR Vendor Must-Haves, Part 9: Assigned Analyst Pods and Security Program Advisors
This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Every organization is unique, with different goals, missions, security maturities, staffing models, technologies...
Kubernetes Security Is Not Container Security
Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...