Lucene search

12 matches found

OSV
added 2026/05/12 8:38 a.m. | 3 views

BIT-ARGO-WORKFLOWS-2026-42295 Argo Workflows: Exposure of artifact repository credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

CVSS 8.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 3
Snyk
added 2026/04/10 3:31 a.m. | 1 views

Incorrect Authorization

Overview: keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization through the UserOSEC2CredentialsResourceListCreat...

CVSS 6 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2
SUSE CVE
added 2026/03/28 12:25 a.m. | 3 views

SUSE CVE-2026-33322

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...

CVSS 9.8 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3
OSV
added 2026/03/27 7:08 a.m. | 0 views

BIT-MINIO-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit

MinIO is a high-performance object storage system. Prior to 2026.03.17, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration,...

CVSS 9.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 2
OSV
added 2026/03/20 8:47 p.m. | 1 views

GHSA-JV87-32HW-HH99 MinIO LDAP login brute-force via user enumeration and missing rate limit

Impact (What kind of vulnerability is it? Who is impacted?): MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence ...

CVSS 9.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/20 8:47 p.m. | 6 views

MinIO LDAP login brute-force via user enumeration and missing rate limit

Impact (What kind of vulnerability is it? Who is impacted?): MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence ...

CVSS 9.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2025/12/18 6:51 p.m. | 1 views

EUVD-2025-203943

AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue...

CVSS 6 | AI score 6.4 | EPSS 0.00008
Exploits: 0 | References: 5
EUVD
added 2025/12/17 8:11 p.m. | 3 views

EUVD-2025-203941

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

CVSS 6 | AI score 6.2 | EPSS 0.00015
Exploits: 0 | References: 3
Cvelist
added 2022/03/04 5:21 p.m. | 17 views

CVE-2022-23232

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user accoun...

AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 1
CVE
added 2022/03/04 5:21 p.m. | 82 views

CVE-2022-23232

Summary of CVE-2022-23232 (StorageGRID): StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are vulnerable to an access-control issue where disabled, expired, or locked external user accounts could access S3 data they previously could view. In 11.6.0, the product changes behavio...

CVSS 4.9 | AI score 5.1 | EPSS 0.00335
Exploits: 0 | References: 1 | Affected Software: 1
Virtuozzo
added 2021/08/27 12:00 a.m. | 17 views

Virtuozzo Hybrid Infrastructure 4.6 Update 2

This update provides bug fixes and improvements. Vulnerability id: VSTOR-45618 Incorrect storage usage values are reported. Vulnerability id: VSTOR-45724 Some users cannot access S3 via the user panel. Vulnerability id: VSTOR-44252 Detection of slow disks works inside virtual environments...

AI score 1.4
Exploits: 0
Imperva Blog
added 2021/01/12 1:47 p.m. | 122 views

Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration

Introduction: Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...

AI score 0.5
Exploits: 0