4 matches found

Github Security Blog
added 2023/09/11 12:59 p.m. | 43 views

Argo CD repo-server Denial of Service vulnerability

Impact: All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious,...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01176
Exploits: 0 | References: 8 | Affected Software: 1
Cloud Foundry
added 2021/09/07 12:0 a.m. | 17 views

CVE-2021-22099: Server Side Request Forgery in Cloud Controller | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry Cloud Controller component is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability. A malicious user can use this vulnerability to send HTTP GET requests to any internal component in the CF environment, and also t...

AI score: 6.2
Exploits: 0 | Affected Software: 2
Atlassian
added 2020/11/10 12:3 a.m. | 43 views

Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. Affected versions: version 6.13.18 6.14.0 ≤ version 7.4....

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.99999
Exploits: 12
Cloud Foundry
added 2019/09/10 12:0 a.m. | 38 views

CVE-2019-11279: Privilege Escalation via Scope Manipulation in UAA | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA Release, all versions prior to v74.1.0. Description: CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.0133
Exploits: 0