Lucene search
K

41 matches found

EUVD
EUVD
added 6 days ago8 views

EUVD-2026-37820

Steeltoe: TLS private keys written to /tmp with default permissions, never deleted...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-37813

Steeltoe's sensitive actuators heapdump/env only require Restricted permission...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-37806

Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago13 views

EUVD-2026-37801

Steeltoe vulnerable to management-port isolation bypass via spoofed Host header...

8.2CVSS5.8AI score0.00238EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/18 12:20 a.m.7 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...

7.4CVSS5.9AI score0.0029EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 12:20 a.m.5 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...

7.4CVSS5.9AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 11:17 p.m.13 views

CVE-2026-50268

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS0.00046EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 11:17 p.m.11 views

CVE-2026-50201

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

6.5CVSS0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 11:17 p.m.15 views

CVE-2026-50202

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 11:17 p.m.13 views

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 10:16 p.m.13 views

CVE-2026-50200

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

7.5CVSS0.00185EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 10:16 p.m.12 views

CVE-2026-50196

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 10:16 p.m.15 views

CVE-2026-50194

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 10:1 p.m.24 views

CVE-2026-50268 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS0.00046EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 10:1 p.m.23 views

CVE-2026-50268

In Steeltoe, the OAEP misconfiguration affects the package Steeltoe.Configuration.Encryption 4.0.0–4.1.0, where setting encrypt:rsa:algorithm=OAEP does not enable OAEP due to an incorrect BouncyCastle transformation string. As a result, OAEP is effectively PKCS#1 v1.5 padding, the same as DEFAULT...

1.9CVSS5.2AI score0.00046EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:57 p.m.48 views

CVE-2026-50267

CVE-2026-50267 affects Steeltoe Configuration Abstractions (versions 4.0.0–4.1.0). When MySQL/PostgreSQL service bindings from VCAP_SERVICES include TLS client credentials, the Connectors library writes these credentials to temporary files in Path.GetTempPath() via File.CreateText. On Linux, crea...

4.7CVSS5.2AI score0.00065EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:53 p.m.25 views

CVE-2026-50202

Summary: CVE-2026-50202 affects Steeltoe libraries: Steeltoe.Security.Authentication.CloudFoundryBase < 3.4.0, Steeltoe.Security.Authentication.JwtBearer < 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect

5.9CVSS5.3AI score0.0029EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.23 views

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:46 p.m.25 views

CVE-2026-50201

CVE-2026-50201: Steeltoe's sensitive actuators (heapdump, environment, thread dump) default to EndpointPermissions.Restricted in Steeltoe.Management.Endpoint (pre-4.2.0) and Steeltoe.Management.EndpointCore (pre-3.4.0), mapping to CF read_basic_data. Sensitive endpoints are not upgraded to Endpoi...

6.5CVSS5.2AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:46 p.m.21 views

CVE-2026-50201 Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

6.5CVSS0.00231EPSS
Exploits0References3
Rows per page
Query Builder