705 matches found

Github Security Blog
added 2023/07/20 12:30 a.m. · 25 views

Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel

A vulnerability was identified in Nomad such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11...

CVSS 3.4 · AI score 6.7 · EPSS 0.00344
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/07/20 12:30 a.m. · 16 views

GHSA-9JFX-84V9-2RR2 Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel

A vulnerability was identified in Nomad such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11...

CVSS 3.4 · AI score 3.5 · EPSS 0.00344
Exploits 0 · References 5

Vulnrichment
added 2023/07/19 11:35 p.m. · 17 views

CVE-2023-3299 Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

CVSS 3.4 · AI score 6.7 · EPSS 0.00344
Exploits 0 · References 1

Cvelist
added 2023/07/19 11:35 p.m. · 14 views

CVE-2023-3299 Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

CVSS 3.4 · AI score 4.2 · EPSS 0.00344
Exploits 0 · References 1

Positive Technologies
added 2023/07/19 12:00 a.m. · 3 views

PT-2023-24122 · Hashicorp +1 · Hashicorp Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad Enterprise versions 1.2.11 through 1.5.6; HashiCorp Nomad Enterprise version 1.4.10. Description: A vulnerability exists where the API caller's ACL token secret ID is exposed to Sentinel policies. Additionally, ACL policies usin...

CVSS 3.4 · AI score 3.6 · EPSS 0.00344
Exploits 0 · References 15

CNNVD
added 2023/07/19 12:00 a.m. · 3 views

HashiCorp Nomad Security Vulnerability

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp (USA) for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise that stems from the ACL token ID of...

CVSS 3.4 · AI score 4.8 · EPSS 0.00344
Exploits 0 · References 3

Microsoft Secure
added 2023/07/18 3:30 p.m. · 18 views

Microsoft Inspire: Partner resources to prepare for the future of security with AI

Cybersecurity is one of the most pressing challenges of our time. With an ever-changing threat landscape and siloed data across multiple security point solutions, defenders have limited visibility. It’s difficult to stay current and find cybersecurity professionals amid the global talent shortage...

AI score 6.7
Exploits 0

IBM Security Bulletins
added 2023/06/16 6:33 p.m. · 15 views

Security Bulletin: Vulnerability in Apache Commons FileUpload may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-24998)

Summary: Vulnerability in Apache Commons FileUpload may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerability includes a denial of service attack that is described in detail by the CVE in the "Vulnerability Details" section. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache...

CVSS 7.5 · AI score 7.7 · EPSS 0.37743
Exploits 1 · Affected Software 1

Microsoft Secure
added 2023/06/13 4:00 p.m. · 13 views

How Microsoft and Sonrai integrate to eliminate attack paths

Cloud development challenges conventional thinking about risk. A “perimeter” was always the abstraction that security teams could start from—defining their perimeter and exposing the cracks in firewalls and network access. With more and more infrastructure represented as ephemeral code, protectin...

AI score 6.9
Exploits 0

Microsoft Malware Protection
added 2023/06/13 4:00 p.m. · 9 views

How Microsoft and Sonrai integrate to eliminate attack paths

Cloud development challenges conventional thinking about risk. A “perimeter” was always the abstraction that security teams could start from—defining their perimeter and exposing the cracks in firewalls and network access. With more and more infrastructure represented as ephemeral code, protectin...

AI score 6.9
Exploits 0

Microsoft Secure
added 2023/04/13 3:00 p.m. · 20 views

Improve supply chain security and resiliency with Microsoft

Let’s start with the bad news. Cybersecurity breaches can be particularly devastating for supply chains, which involve multiple parties and sensitive information. As operational technology (OT) devices become increasingly connected, blurring the gap between IT and OT environments, the risk of hacke...

AI score 7.1
Exploits 0

NVD
added 2023/04/04 4:15 p.m. · 17 views

CVE-2022-48227

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361...

CVSS 7.8 · AI score 7.7 · EPSS 0.00047
Exploits 0 · References 2

OSV
added 2023/04/04 4:15 p.m. · 3 views

CVE-2022-48227

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361...

CVSS 7.8 · AI score 5.8 · EPSS 0.00047
Exploits 0 · References 2

Prion
added 2023/04/04 4:15 p.m. · 11 views

Privilege escalation

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361...

CVSS 4.3 · AI score 7.6 · EPSS 0.00047
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/04/04 3:15 p.m. · 10 views

CVE-2022-48228

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362...

CVSS 5.5 · AI score 5.6 · EPSS 0.00058
Exploits 0 · References 2

OSV
added 2023/04/04 3:15 p.m. · 3 views

CVE-2022-48228

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362...

CVSS 5.5 · AI score 5.8 · EPSS 0.00058
Exploits 0 · References 2

Prion
added 2023/04/04 3:15 p.m. · 13 views

Command injection

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362...

CVSS 1.7 · AI score 5.6 · EPSS 0.00058
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/04/04 12:00 a.m. · 56 views

CVE-2022-48227

Acuant AsureID Sentinel prior to 5.2.149 contains a local privilege escalation vulnerability (CORE-7361): it opens Notepad after installing AssureID, Identify x64, and Identify x86. CVSSv3.1 base score 7.8 (HIGH) with LOCAL attack, LOW privileges required, no user interaction. Affected: Acuant As...

CVSS 7.8 · AI score 7.6 · EPSS 0.00047
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/04/04 12:00 a.m. · 3 views

Acuant AsureID Sentinel Security Vulnerability

Acuant AsureID Sentinel is an automated solution for authentication and file certification from Acuant USA. A security vulnerability exists in Acuant AsureID Sentinel. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...

CVSS 7.8 · AI score 7.3 · EPSS 0.00047
Exploits 0 · References 3

CVE
added 2023/04/04 12:00 a.m. · 42 views

CVE-2022-48228

CVE-2022-48228 affects Acuant AsureID Sentinel, with vulnerable component behavior before version 5.2.149. The issue is that installer log files for i-Dentify and Sentinel Installer are written to the root of the C: drive (CORE-7362). Public references consistently describe the vulnerability as a...

CVSS 5.5 · AI score 5.6 · EPSS 0.00058
Exploits 0 · References 2 · Affected Software 1