31 matches found
GHSA-965M-V4CC-6334 Unauthenticated Admission Webhook Endpoints in Yoke ATC
Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
yoke 访问控制错误漏洞
Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhook URLs which are not validated. An attacker can access internal services, private networks, or cloud metadata endpoints by configuring malicious webhook URLs. PoC ssh localhost webhook crea...
CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...
CVE-2025-2934
CVE-2025-2934 affects GitLab CE/EE prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2. An authenticated attacker could induce a denial-of-service by configuring malicious webhook endpoints that send crafted HTTP responses. The issue has been remediated in the patch releases GitLab 18...
CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...
EUVD-2025-33330
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...
CVE-2025-2934 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTT...
PT-2025-41372
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 5.2 through 18.2.8 GitLab CE/EE versions 18.3 through 18.3.4 GitLab CE/EE versions 18.4 through 18.4.2 Description An authenticated attacker could create a denial of service condition by configuring malicious webhook...
Cross-site Scripting (XSS)
Overview pywa is a 🚀 Build WhatsApp Bots in Python • Fast, Effortless, Powerful Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhook challenge and update handlers in the Flask and FastAPI webhook endpoints. An attacker can execute malicious scripts in...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the webhook endpoints. An attacker can cause the plugin to crash by repeatedly sending invalid request bodies to the server. Remediation Upgrade...