Lucene search
K

13 matches found

Chainguard
Chainguard
added 2024/03/05 11:15 p.m.76 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: ferretdb, prometheus-mysqld-exporter, prometheus-beat-exporter, prometheus-nats-exporter, flux-source-controller, cert-manager-fips, cluster-proportional-autoscaler, nri-kubernetes, datadog-agent-fips, secrets-store-csi-driver, skaffold, grpc-health-probe,...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/12/22 8:36 p.m.25 views

CVE-2022-23551

A flaw was found in aad-pod-identity. This issue could allow an attacker to obtain a token when a request is made that includes a backslash, bypassing proper validation and completing the request...

5.3CVSS3.4AI score0.00709EPSS
Exploits0References6
Veracode
Veracode
added 2022/12/22 2:33 a.m.29 views

Information Disclosure

github.com/Azure/aad-pod-identity is vulnerable to information disclosure. The vulnerability exists because server.go does not properly handle invalid token requests, allowing an attacker to bypass the NMI validation and send the token to IMDS in the cluster through the token request made with...

5.3CVSS5.2AI score0.00709EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/12/21 8:15 p.m.16 views

CVE-2022-23551

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

5.3CVSS0.00709EPSS
Exploits0References3
Prion
Prion
added 2022/12/21 8:15 p.m.17 views

Cross site request forgery (csrf)

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

3.8CVSS5.2AI score0.00709EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/12/21 7:50 p.m.23 views

CVE-2022-23551 AAD Pod Identity obtaining token with backslash

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

5.3CVSS5.3AI score0.00709EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/12/21 7:50 p.m.6 views

CVE-2022-23551 AAD Pod Identity obtaining token with backslash

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

5.3CVSS5.2AI score0.00709EPSS
Exploits0References3
CVE
CVE
added 2022/12/21 7:50 p.m.100 views

CVE-2022-23551

CVE-2022-23551 concerns AAD Pod Identity: the NMI component could bypass validation for token requests containing a backslash (example /metadata/identity\oauth2\token/), potentially enabling a pod to access identities it should not have. The bug arises from NMI’s regex-based validation and is add...

5.3CVSS5.1AI score0.00709EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/12/21 7:50 p.m.26 views

CVE-2022-23551 AAD Pod Identity obtaining token with backslash

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

5.3CVSS5.5AI score0.00709EPSS
Exploits0References3
OSV
OSV
added 2022/12/21 6:48 p.m.21 views

GHSA-P82Q-RXPM-HJPC AAD Pod Identity obtaining token with backslash

Impact What kind of vulnerability is it? Who is impacted? The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request example: /metadata/identity\oauth2\token/ would bypass the NMI validation and be...

5.3CVSS5AI score0.00709EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/12/21 6:48 p.m.20 views

AAD Pod Identity obtaining token with backslash

Impact What kind of vulnerability is it? Who is impacted? The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request example: /metadata/identity\oauth2\token/ would bypass the NMI validation and be...

5.3CVSS2.9AI score0.00709EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/21 12:0 a.m.2 views

PT-2022-7109 · Microsoft · Aad Pod Identity

Name of the Vulnerable Software and Affected Versions: AAD Pod Identity versions prior to 1.8.13 Description: The issue is related to the NMI component in AAD Pod Identity, which intercepts and validates token requests based on regex. A token request made with a backslash in the request, for...

5.5CVSS6.8AI score0.00709EPSS
Exploits0References10
GitLab Advisory Database
GitLab Advisory Database
added 2022/12/21 12:0 a.m.22 views

Improper Restriction of Security Token Assignment

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

5.3CVSS2.9AI score0.00709EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder