16 matches found
GO-2025-4068 Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula
Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula...
CVE-2025-62820
A flaw was found in Slack Nebula. An improper CIDR construction in the hostmap logic makes the inbound firewall overly permissive for nodes with certificates allowing subnets or multiple IPs. An attacker controlling such a node can send packets with arbitrary source IP addresses within the networ...
Slack Nebula may accept arbitrary source IP addresses
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
Slack Nebula 安全漏洞
Slack Nebula is a scalable overlay network tool from Slack open source. A security vulnerability exists in Slack Nebula versions prior to 1.9.7 that stems from improper CIDR handling in certain configurations, which could lead to the acceptance of arbitrary source IP addresses in the Nebula netwo...
CVE-2025-62820
Slack Nebula prior to 1.9.7 is affected by a CIDR handling issue that allows accepting arbitrary source IPs within the Nebula network. The CVE entry documents this as a network‑level vulnerability with a CVSS v3.1 base score of 4.9 (Medium) and a high attack complexity, requiring low privileges a...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
CVE-2025-62820
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...
Slack Nebula Path Traversal Vulnerability
Slack Nebula is a scalable overlay network tool. A security vulnerability exists in Slack Nebula 1.1.0 and earlier versions. An attacker can exploit the vulnerability to execute code...
CVE-2020-11498
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...
CVE-2020-11498
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...
Design/Logic Flaw
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...
CVE-2020-11498
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...
CVE-2020-11498
CVE-2020-11498 affects Slack Nebula up to version 1.1.0. A relative-path vulnerability in the tunnel drivers tun_darwin.go and tun_windows.go allows a low-privileged attacker to execute code in the context of the root user, with potential user-context execution as well. The issue enables path tra...