4552 matches found
CVE-2024-54675
app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow...
MISP Security Vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as cybersecurity threat event analysis and malware analysis. A security vulnerability exists in MISP 2.5.2 and earlier versions,...
GitHub CLI Path Traversal Vulnerability
GitHub CLI is GitHub's open source command-line tool for working with GitHub from the terminal. A path traversal vulnerability exists in GitHub CLI version 2.63.0 and earlier, which stems from the possibility that files may be created or overwritten in unintended directories when a user downloads a malicious GitHub...
PT-2024-9531
Name of the Vulnerable Software and Affected Versions GitHub CLI versions prior to 2.63.1 Description A security issue has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run...
GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
CVE-2024-52814
Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...
CVE-2024-52814 Helm Lacks Granularity in Workflow Role
Argo Helm is a collection of community maintained charts for argoproj.github.io projects. Prior to version 0.45.0, the workflow-role lacks granularity in its privileges, giving permissions to workflowtasksets and workflowartifactgctasks to all workflow Pods, when only certain types of Pods create...
CVE-2024-52814
CVE-2024-52814 — Helm (Argo) workflow-role privileges lack granularity : Affects Argo Helm prior to 0.45.0. The issue grants broad permissions in the workflow-role to all workflow Pods, not only those that require them, potentially impacting status reporting for certain Pods/Templates. Multiple s...
Argo Helm Security Vulnerability
Argo Helm is a community-maintained chart set open-sourced by the Argo Project. A security vulnerability exists in Argo Helm versions prior to 0.45.0 that stems from a lack of granularity in workflow-role permissions...
PT-2024-35462 · Argo Helm · Argo Helm
Name of the Vulnerable Software and Affected Versions: Argo Helm versions prior to 0.45.0 Description: The issue is related to the workflow-role lacking granularity in its privileges, giving unnecessary permissions to workflowtasksets and workflowartifactgctasks for all workflow Pods. This could...
CVE-2024-52799 Argo Workflows Chart: Excessive Privileges in Workflow Role
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those...
CVE-2024-52799
Argo Workflows Chart (Helm) prior to 0.44.0 has a vulnerable workflow-role with excessive privileges, including create pods/exec, enabling kubectl exec into any Pod in the same namespace and potentially arbitrary code execution if a user runs a malicious template. Affected charts are those using ...
PT-2024-35450 · Unknown · Argo Workflows Chart
Name of the Vulnerable Software and Affected Versions: Argo Workflows Chart versions prior to 0.44.0 Description: The workflow-role in the Argo Workflows Chart has excessive privileges, including the ability to create pods/exec, which allows for arbitrary code execution within pods in the same...
PT-2024-40635 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash involves functions such as zoom search again, ndpi detection...
datamorph-workflow-generator (=0.0.2), i2b2-import (>=0.0.1 <=1.5.34) +1 more potentially affected by CVE-2024-45784 via airflow (=0.6.0)
airflow PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on airflow and may be impacted: - datamorph-workflow-generator =0.0.2 - i2b2-import =0.0.1, =1.5.34 - pandasdb =0.0.10 Source cves: CVE-2024-45784 Source advisory:...
Business Logic Attacks Target Election-Related Sites on Election Day
As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks, a complex threat that manipulates the intended workflow of applications, often without...