Lucene search
K

80 matches found

Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29583

Name of the Vulnerable Software and Affected Versions Temporal Server versions 1.29.0 and later Description A user with a writer role in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the...

2.3CVSS6AI score0.00248EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

Temporal Server 安全漏洞

Temporal Server is a microservices orchestration platform developed by Temporal Corporation. There is a security vulnerability in Temporal Server. This vulnerability stems from the fact that users with the “Writer” role in the namespaces controlled by attackers can send signals, delete, and reset...

2.3CVSS5.9AI score0.00248EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/02/28 7:17 p.m.6 views

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: k9s-fips, jobset-fips, blob-csi-fips, tfsec, kubevela-fips, trivy-operator-fips, bank-vaults, rancher-system-agent, flyte, cloudbeat, vault-secrets-webhook, cass-operator, migrate, spire-server-fips, onepassword-operator, k8s-agents-operator-fips, ops-agent,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/02/20 1:17 a.m.21 views

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: percona-xtradb-cluster-operator, apko, kyverno-policy-reporter-fips, dgraph, keda, argo-workflows, crossplane-provider-sql, rekor-fips, sftpgo-plugin-eventstore, ory-kratos, elastic-agent-fips, grafana-alloy, step-ca, spire-server-fips, agentbeat-fips, tailscale,...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/01/17 12:32 a.m.9 views

SUSE CVE-2025-14987

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS7.3AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2026/01/14 7:15 p.m.6 views

GO-2026-4273 Temporal has an Incorrect Authorization vulnerability in go.temporal.io/server

Temporal has an Incorrect Authorization vulnerability in go.temporal.io/server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...

5.3CVSS6.8AI score0.00358EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.7 views

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

4.4CVSS6.6AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 8:27 p.m.4 views

CVE-2025-14987

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS7.2AI score0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 9:30 p.m.5 views

EUVD-2025-205855

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS6.7AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2025/12/30 9:30 p.m.2 views

GHSA-HMHP-GH8M-C8XP Temporal has an Incorrect Authorization vulnerability

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS7.2AI score0.00358EPSS
Exploits0References6
Snyk
Snyk
added 2025/12/30 8:44 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the system.enableCrossNamespaceCommands when it is enabled on by default. An attacker can perform unauthorized actions in a different namespace by submitting workflow task commands that target namespaces othe...

6.3CVSS7AI score0.00358EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/30 8:41 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when the frontend.enableExecuteMultiOperation is enabled. An attacker can circumvent namespace-specific validation and feature gates by setting the embedded StartWorkflowExecutionRequest's namespace field to a...

5.3CVSS6.8AI score0.00415EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/30 8:16 p.m.25 views

CVE-2025-14987 Cross Namespace Commands Authorization Bypass

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS0.00358EPSS
Exploits0References3
OSV
OSV
added 2025/12/30 8:16 p.m.5 views

CVE-2025-14987 Cross Namespace Commands Authorization Bypass

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS6AI score0.00358EPSS
Exploits0References6
CVE
CVE
added 2025/12/30 8:16 p.m.19 views

CVE-2025-14987

CVE-2025-14987 : Temporal server has an Incorrect Authorization flaw when system.enableCrossNamespaceCommands is enabled (default on). The frontend validates RespondWorkflowTaskCompleted for the outer namespace, but the history service executes commands using the namespace embedded in command att...

5.3CVSS6.9AI score0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/30 8:16 p.m.4 views

CVE-2025-14987 Cross Namespace Commands Authorization Bypass

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS6.9AI score0.00358EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-54225

Name of the Vulnerable Software and Affected Versions Temporal versions through 1.29.1 Description When the system.enableCrossNamespaceCommands setting is enabled, the Temporal server allows specific workflow task commands—including StartChildWorkflowExecution, SignalExternalWorkflowExecution, an...

5.3CVSS6.6AI score0.00358EPSS
Exploits0References10
Veracode
Veracode
added 2025/10/29 6:34 a.m.5 views

Denial Of Service (DoS)

go.temporal.io/server is vulnerable to Denial of service DoS. The vulnerability is due to insufficiently specific bounds checking on the authorization header, which allows an attacker to trigger excessive memory allocation leading to a denial of service...

6.9CVSS6.9AI score0.00362EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1323

Malicious code in bioql PyPI...

4.4CVSS5AI score0.00487EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2025-29200

Malicious code in bioql PyPI...

6.9CVSS6.3AI score0.00362EPSS
Exploits0References4
Rows per page
Query Builder