Lucene search
+L

216 matches found

wolfi
wolfi
added 2023/04/13 5:53 p.m.14 views

GHSA-CJR9-MR35-7XH6 vulnerabilities

Vulnerabilities for packages: spicedb...

7.5AI score
Exploits0
cgr
cgr
added 2023/04/13 5:53 p.m.4 views

GHSA-CJR9-MR35-7XH6 vulnerabilities

Vulnerabilities for packages: spicedb...

7.3AI score
Exploits0
osv
osv
added 2023/04/13 5:53 p.m.22 views

GHSA-CJR9-MR35-7XH6 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.1CVSS8.1AI score0.00762EPSS
Exploits0References5
github
github
added 2023/04/13 5:53 p.m.46 views

SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.7CVSS7.5AI score0.00762EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2023/04/03 12:0 a.m.6 views

PT-2023-2479 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.19.1 Description: The issue is related to the SpiceDB database system, specifically with the /debug/pprof/cmdline endpoint served by the metrics service, which reveals command-line flags provided for debugging...

8.7CVSS7.1AI score0.00762EPSS
Exploits0References13
osv
osv
added 2022/01/13 3:5 p.m.69 views

GHSA-7P8F-8HJM-WM92 Lookup operations do not take into account wildcards in SpiceDB

Impact Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not accessible by virtue of the inclusion of the wildcard in the intersection or the rig...

8.1CVSS7.9AI score0.01472EPSS
Exploits0References6
github
github
added 2022/01/13 3:5 p.m.31 views

Lookup operations do not take into account wildcards in SpiceDB

Impact Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not accessible by virtue of the inclusion of the wildcard in the intersection or the rig...

8.1CVSS0.4AI score0.01472EPSS
Exploits0References6Affected Software1
gitlab
gitlab
added 2022/01/13 12:0 a.m.60 views

Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

8.1CVSS0.6AI score0.01472EPSS
Exploits0References6Affected Software1
veracode
veracode
added 2022/01/12 4:20 a.m.24 views

Improper Input Validation

spicedb is vulnerable to improper input validation. The vulnerability exists due to wrongly implemented wildcard which allows an attacker to perform unauthenticated actions with wildcard permissions...

8.1CVSS3.9AI score0.01472EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2022/01/11 10:15 p.m.39 views

CVE-2022-21646

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

8.1CVSS0.01472EPSS
Exploits0References4
prion
prion
added 2022/01/11 10:15 p.m.17 views

Design/Logic Flaw

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

5.5CVSS8AI score0.01472EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2022/01/11 9:50 p.m.5 views

CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

8.1CVSS7.1AI score0.01472EPSS
Exploits0References4
cve
cve
added 2022/01/11 9:50 p.m.97 views

CVE-2022-21646

SpiceDB vulnerability CVE-2022-21646 affects wildcard handling in lookups: using a wildcard on the right side of an intersection or within an exclusion can cause Lookup/LookupResources to treat resources as accessible when they are not. In v1.3.0 the wildcard was ignored in dispatch, making the b...

8.1CVSS8AI score0.01472EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/01/11 9:50 p.m.33 views

CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

8.1CVSS7.8AI score0.01472EPSS
Exploits0References6
cvelist
cvelist
added 2022/01/11 9:50 p.m.43 views

CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

8.1CVSS8.2AI score0.01472EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2022/01/11 12:0 a.m.2 views

PT-2022-15001 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB versions 1.3.0 Description: The issue concerns the handling of wildcard relationships in SpiceDB, specifically within exclusion or intersection operations. When a user utilizes a wildcard relationship under the right-hand branch of an...

8.1CVSS7.2AI score0.01472EPSS
Exploits0References9
Rows per page
Query Builder