59 matches found
CVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...
EUVD-2018-12903
Malware in sbrugna...
EUVD-2022-46972
Malicious code in bioql PyPI...
EUVD-2022-46688
Malicious code in bioql PyPI...
EUVD-2021-31477
Malicious code in bioql PyPI...
EUVD-2022-2150
Malicious code in bioql PyPI...
CVE-2022-44009
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information...
CVE-2022-43706
Cross-site scripting XSS vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users...
CVE-2018-20345
Incorrect access control in StackStorm API st2api in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker who has a StackStorm account and is authenticated against the StackStorm API to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" que...
MAL-2024-11714 Malicious code in stackstorm-runner-action-chain (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0cc9e6be890f15ba83b67af002dc0fdec59a68ebdd2696ab5168df443ed2dabf Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
StackStorm security vulnerability
StackStorm is an event-driven automation platform. The platform is used for automated remediation, security response, troubleshooting and program deployment functions. A security vulnerability exists in StackStorm version 3.7.0, which stems from improper Key-Value RBAC access control that fails t...
PT-2022-27071 · Unknown · Stackstorm
Name of the Vulnerable Software and Affected Versions: StackStorm version 3.7.0 Description: The issue is related to improper access control in Key-Value RBAC, where permissions in Jinja filters are not checked, allowing attackers to access Key-Value pairs of other users. This could potentially...
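The CVE-2022-44009 entries above describe a bug class rather than a single line of code: a Jinja filter that resolves key-value store entries without checking whether the rendering user may read them. The following is an added, illustrative model written for this page, not StackStorm's own implementation. It puts an unchecked filter next to a hardened one that pins user-scoped reads to the user the template is rendered for. The datastore contents, user names (alice, bob), key names and the filter name `kv` are all constructed for the demo; the real jinja2 Environment is used when the package is installed, with a tiny regex substitute otherwise so the example runs stand-alone.

```python
"""Model of a permission-unaware vs. permission-checked datastore Jinja filter.
Example code for this page; not StackStorm code. Store layout and names are constructed."""
import re
from functools import partial

try:
    from jinja2 import Environment  # real Jinja if available
except ImportError:  # keep the demo runnable without jinja2 installed
    Environment = None

# Constructed datastore: (scope, owner, key) -> value. System keys have no owner.
DATASTORE = {
    ("system", None, "api_url"): "https://st2.example.internal",
    ("user", "alice", "pagerduty_token"): "alice-secret-token",
    ("user", "bob", "slack_webhook"): "bob-secret-webhook",
}


class PermissionDenied(Exception):
    """Raised when a render context asks for a key it is not allowed to read."""


def lookup(scope, owner, key):
    try:
        return DATASTORE[(scope, owner, key)]
    except KeyError:
        raise KeyError(f"no {scope}-scoped key {key!r}" + (f" for user {owner!r}" if owner else ""))


def unchecked_kv(key, scope="system", user=None):
    """Vulnerable filter: resolves whatever scope/user the template names,
    so any template author can read another user's secrets."""
    return lookup(scope, user if scope == "user" else None, key)


def checked_kv(current_user, key, scope="system", user=None):
    """Hardened filter: user-scoped reads are always resolved against the
    rendering user; naming a different user is refused, not silently honoured."""
    if scope == "user":
        if user is not None and user != current_user:
            raise PermissionDenied(f"{current_user!r} may not read user-scoped keys of {user!r}")
        return lookup("user", current_user, key)
    if scope == "system":
        return lookup("system", None, key)
    raise PermissionDenied(f"unknown scope {scope!r}")


# Fallback parser for the single template shape the demo uses: {{ "key" | kv(...) }}
_FALLBACK = re.compile(r'\{\{\s*"([^"]+)"\s*\|\s*kv(?:\(([^)]*)\))?\s*\}\}')


def render(template, current_user, checked):
    """Render `template` on behalf of `current_user` with the vulnerable or the
    hardened filter registered under the (hypothetical) name `kv`."""
    kv = partial(checked_kv, current_user) if checked else unchecked_kv
    if Environment is not None:
        env = Environment()
        env.filters["kv"] = kv
        return env.from_string(template).render()

    def substitute(match):
        args = [a.strip().strip('"') for a in match.group(2).split(",")] if match.group(2) else []
        return str(kv(match.group(1), *args))

    return _FALLBACK.sub(substitute, template)


if __name__ == "__main__":
    leak = '{{ "pagerduty_token" | kv("user", "alice") }}'
    print("unchecked, rendered by bob:", render(leak, "bob", checked=False))
    try:
        render(leak, "bob", checked=True)
    except PermissionDenied as exc:
        print("checked, rendered by bob:", exc)
```

The shape of the fix matters more than the names: the permission decision is made from the identity bound to the render context, not from arguments the template author controls, which is the only way a template-level filter can enforce per-user scoping.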