4 matches found
PT-2022-24256 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.4 Description: The issue is related to an insecure umask configuration in Apache Airflow when running with the --daemon flag. This could lead to a race condition, resulting in world-writable files in the...
PT-2022-23159 · Sftpgo · Sftpgo
Name of the Vulnerable Software and Affected Versions: SFTPGo versions 2.2.0 through 2.3.3 Description: SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S, and WebDAV support. It supports login using TOTP Time-based One Time Passwords as a secondary authentication factor and also...
PT-2022-18522 · Synology · Synology Calendar
Name of the Vulnerable Software and Affected Versions: Synology Calendar versions prior to 2.3.4-0631 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote...
Logstash 2.3.3 Elasticsearch Output Vulnerability
Hi all, we would like to announce a security vulnerability we discovered in our testing. Logstash 2.3.4 has been released with a patch to fix this. Issue Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...