3493 matches found

Vulnrichment
added 2023/06/16 8:39 a.m., 8 views

CVE-2023-2783 App Framework does not check for the secret provided in the incoming webhook request

Mattermost Apps Framework fails to verify the secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps...

CVSS 4.3, AI score 6.6, EPSS 0.00437
Exploits: 0, References: 1

CNNVD
added 2023/06/16 12:0 a.m., 2 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in the Mattermost Apps Framework, which can be exploited by an attacker to send a POST request to the application's Webhook path and modify the content of messages...

CVSS 4.3, AI score 6.7, EPSS 0.00437
Exploits: 0, References: 2

BDU FSTEC
added 2023/05/29 12:0 a.m., 3 views

The vulnerability of the Webhook component in the Kubernetes Rancher cluster management software allows a hacker to increase their privileges.

The vulnerability of the Webhook component in Kubernetes Rancher’s cluster management software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVSS 9.9, AI score 7.7, EPSS 0.00779
Exploits: 0, References: 3, Affected Software: 1

The Hacker News
added 2023/05/27 8:10 a.m., 61 views

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go...

AI score 7.1
Exploits: 0

NVD
added 2023/05/04 8:15 a.m., 10 views

CVE-2023-22651

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...

CVSS 9.9, AI score 9.5, EPSS 0.00779
Exploits: 0, References: 2

OSV
added 2023/05/04 8:15 a.m., 35 views

CVE-2023-22651

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...

CVSS 9.9, AI score 7.2, EPSS 0.00779
Exploits: 0, References: 2

Prion
added 2023/05/04 8:15 a.m., 16 views

Privilege escalation

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...

CVSS 6.5, AI score 9.4, EPSS 0.00779
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/05/04 7:53 a.m., 24 views

CVE-2023-22651

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...

CVSS 9.9, AI score 9.7, EPSS 0.00779
Exploits: 0, References: 2

CVE
added 2023/05/04 7:53 a.m., 106 views

CVE-2023-22651

CVE-2023-22651 — SUSE Rancher Webhook misconfiguration during upgrade: A failure in Rancher’s admission webhook update logic can misconfigure the webhook, potentially enabling privilege escalations in clusters upgrading from 2.6.x or 2.7.x to 2.7.2. Affected systems that were fresh-installed to ...

CVSS 9.9, AI score 9.4, EPSS 0.00779
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2023/04/27 12:20 p.m., 22 views

Privilege Escalation

github.com/rancher/webhook is vulnerable to Privilege Escalation. The library enforces validation rules and security checks before resources are admitted into the cluster, but if it is operating in a degraded state, it may not validate any resources, leading to privilege escalations and data...

CVSS 9.9, AI score 8.9, EPSS 0.00779
Exploits: 0, References: 6, Affected Software: 2

SUSE CVE
added 2023/04/26 1:54 a.m., 1 views

SUSE CVE-2023-22651

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...

CVSS 9.9, AI score 6.8, EPSS 0.00779
Exploits: 0, References: 4

NCSC
added 2023/04/25 12:0 a.m., 6 views

Vulnerability fixed in Rancher

A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism to upgrade from versions 2.6.x and 2.7.x to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...

CVSS 9.9, AI score 7.2, EPSS 0.00779
Exploits: 0

Github Security Blog
added 2023/04/24 10:34 p.m., 45 views

Rancher Webhook is misconfigured during upgrade process

Impact: A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...

CVSS 9.9, AI score 8.9, EPSS 0.00779
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2023/04/24 10:34 p.m., 108 views

GHSA-6M9F-PJ6W-W87G Rancher Webhook is misconfigured during upgrade process

Impact: A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...

CVSS 9.9, AI score 9.4, EPSS 0.00779
Exploits: 0, References: 5

Positive Technologies
added 2023/04/18 12:0 a.m., 4 views

PT-2023-2916 · Suse · Suse Rancher

Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions 2.6.x through 2.7.x Description: The issue is related to improper privilege management in SUSE Rancher, allowing privilege escalation. A failure in the update logic of Rancher's admission Webhook may lead to the...

CVSS 9.9, AI score 9.3, EPSS 0.00779
Exploits: 0, References: 12

Github Security Blog
added 2023/04/12 6:30 p.m., 28 views

Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication

Jenkins Quay.io trigger Plugin provides a webhook endpoint at /quayio-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Quay.io trigger Plugin 0.1 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attacker...

CVSS 5.3, AI score 5.9, EPSS 0.0046
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/04/12 6:30 p.m., 18 views

GHSA-Q2FC-9WW2-GGFJ Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication

Jenkins Quay.io trigger Plugin provides a webhook endpoint at /quayio-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Quay.io trigger Plugin 0.1 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attacker...

CVSS 5.3, AI score 5.6, EPSS 0.0046
Exploits: 0, References: 3

Github Security Blog
added 2023/04/12 6:30 p.m., 21 views

Jenkins Assembla merge request builder Plugin missing authentication to access endpoint

Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...

CVSS 5.3, AI score 5.9, EPSS 0.00518
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2023/04/12 6:30 p.m., 17 views

Jenkins Fogbugz Plugin has missing permissions check

Jenkins Fogbugz Plugin provides a webhook endpoint at /fbTrigger/ that can be used to trigger builds of any jobs. In Fogbugz Plugin 2.2.17 and earlier, this endpoint can be accessed by attackers with Item/Read permission, allowing them to trigger builds of jobs specified in a jobname request...

CVSS 4.3, AI score 5.3, EPSS 0.00448
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/04/12 6:30 p.m., 11 views

GHSA-JR86-6J4J-MV45 Jenkins Assembla merge request builder Plugin missing authentication to access endpoint

Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...

CVSS 5.3, AI score 5.6, EPSS 0.00518
Exploits: 0, References: 3