42 matches found
EUVD-2021-1337
Malware in sbrugna...
EUVD-2021-28810
Malicious code in bioql PyPI...
EUVD-2023-1199
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-12797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non- propagation to secondary data centers. Introduced in 1.4....
CVE-2023-30530
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2021-41805
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token with the default operator:write permissions in one namespace can be used for unintended privilege escalation in a different namespace...
Exploit for Incorrect Authorization in Hashicorp Consul
CVE-2021-41805 - HashiCorp Consul Enterprise RCE !WARNING...
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
A vulnerability was identified in Nomad such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
GHSA-9JFX-84V9-2RR2 Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
A vulnerability was identified in Nomad such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
PT-2023-24122 · Hashicorp +1 · Hashicorp Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad Enterprise versions 1.2.11 through 1.5.6 HashiCorp Nomad Enterprise version 1.4.10 Description: A vulnerability exists where the API caller's ACL token secret ID is exposed to Sentinel policies. Additionally, ACL policies usin...
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...
GHSA-54CW-RVR3-W6CX Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...
CVE-2023-30530
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2023-30530
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30531
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30531
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2023-30531
The CVE-2023-30531 entry concerns Jenkins Consul KV Builder Plugin (versions up to 2.0.13). The token is stored unencrypted in the global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml and is not masked on the global configuration form, enabling users with file-system ac...