CVE-2023-22651
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into th...
CVE-2023-22651
CVE-2023-22651 — SUSE Rancher Webhook misconfiguration during upgrade : A failure in Rancher’s admission webhook update logic can misconfigure the webhook, potentially enabling privilege escalations in clusters upgrading from 2.6.x or 2.7.x to 2.7.2. Affected systems that were fresh-installed to ...
Privilege Escalation
github.com/rancher/webhook is vulnerable to Privilege Escalation. The library enforces validation rules and security checks before resources are admitted into the cluster, but if it is operating in a degraded state, it may not validate any resources, leading to privilege escalations and data...
Vulnerability fixed in Rancher
A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism to upgrade from versions 2.6.x and 2.7.x to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...
GHSA-6M9F-PJ6W-W87G Rancher Webhook is misconfigured during upgrade process
Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...
PT-2023-2916 · Suse · Suse Rancher
Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions 2.6.x through 2.7.x Description: The issue is related to improper privilege management in SUSE Rancher, allowing privilege escalation. A failure in the update logic of Rancher's admission Webhook may lead to the...
GHSA-Q2FC-9WW2-GGFJ Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication
Jenkins Quay.io trigger Plugin provides a webhook endpoint at /quayio-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Quay.io trigger Plugin 0.1 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attacker...
GHSA-2482-GR3V-F3F3 Jenkins Fogbugz Plugin has missing permissions check
Jenkins Fogbugz Plugin provides a webhook endpoint at /fbTrigger/ that can be used to trigger builds of any jobs. In Fogbugz Plugin 2.2.17 and earlier, this endpoint can be accessed by attackers with Item/Read permission, allowing them to trigger builds of jobs specified in a jobname request...
GHSA-JR86-6J4J-MV45 Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Jenkins Assembla merge request builder Plugin provides a webhook endpoint at /assembla-webhook/ that can be used to trigger builds of jobs configured to use a specified repository. In Assembla merge request builder Plugin 1.1.13 and earlier, this endpoint can be accessed without authentication...
GHSA-7GQC-Q9MC-6348 Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository...
CVE-2023-30520
Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads...