CVE-2023-39643

Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...

GHSA-V5FM-HR72-27HX Nomad Search API Leaks Information About CSI Plugins

A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11...

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

Denial of service

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

UBUNTU-CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise expose a vulnerability (CVE-2023-3300) where the HTTP search API can reveal names of available CSI plugins to unauthenticated users or those without the plugin:read policy. Affected versions are Nomad/Nomad Enterprise 0.11.0 through 1.5.6 and 1.4.1. The issue ...

CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

CVE-2023-3300

Removed by vendor...

PT-2023-24131 · Hashicorp +1 · Hashicorp Nomad +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.11.0 through 1.5.6 HashiCorp Nomad and Nomad Enterprise version 1.4.1 Description: A vulnerability in the HTTP search API can reveal names of available CSI plugins to unauthenticated users or...

SQL Injection in Admin Search Find API

Impact SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

PT-2023-23003

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 10.5.21 Description The issue is related to a SQL injection vulnerability in the admin search find API. This vulnerability allows an attacker to interfere with the queries that the application makes to its database,...

Search API - Moderately critical - Information Disclosure - SA-CONTRIB-2022-059

This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't in all cases correctly detect whether a given search is active on the current page, leading to potential information disclosure for some setups. This vulnerability is mitigated ...

CVE-2022-2238

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects...

CVE-2022-2238

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects...

CVE-2022-2238

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects...

Design/Logic Flaw

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects...

CVE-2022-2238

CVE-2022-2238 affects Red Hat Advanced Cluster Management for Kubernetes, specifically the search-api container. The vulnerability arises when a backend parses a search filter query, allowing crafted strings with special characters to crash the pod and impact availability. Public docs in RHSA adv...

CVE-2022-2238

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects...