CVE-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset before 2.1.2. Users should upgrade to version 2.1.2 or above and run superset init to reconstruct the Gamma role, or remove canre...
CVE-2023-42501
Apache Superset prior to 2.1.2 is affected by CVE-2023-42501, where the Gamma role grants unnecessary read permissions, allowing authenticated users to read configured CSS templates and annotations. The vulnerability is described as an information disclosure risk with a CVSS v3.1 base score of 4....
PT-2023-28376 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue allows authenticated users to read configured CSS templates and annotations due to unnecessary read permissions within the Gamma role. Recommendations: For versions prior to 2.1.2...
OpenSupports Security Vulnerabilities
OpenSupports is a simple open source ticketing platform. A security vulnerability exists in OpenSupports version v4.11.0, which can be exploited to execute arbitrary code or create a reverse shell, due to a security restriction that can be bypassed by an attacker via annotations and uploading a...
GHSA-WJCC-CQ79-P63F Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incomi...
SUSE-SU-2023:4124-1 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.13.1: Fixing precedence issue with the import of values. Add missing with clause to release gh action FIX Default ServiceAccount yaml fixregistry: unswallow error remove useless print during prepareUpgrade fixregistry:...
CVE-2023-41332
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...
Code injection
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Impact In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with - policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 - io.cilium.proxy-visibility annotations in Cilium = v1.12 causes the Cilium agent to segfault on the node to which the workload is...
GHSA-24M5-R6HV-CCGP Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Impact In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with - policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 - io.cilium.proxy-visibility annotations in Cilium = v1.12 causes the Cilium agent to segfault on the node to which the workload is...
Cilium Security Vulnerabilities
Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. Cilium suffers from a security vulnerability that stems from allowing an attacker to conduct a deni...
CVE-2023-41332 Denial of service via Kubernetes annotations in specific Cilium configurations
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...
PT-2023-27909 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.14.2 Cilium versions prior to 1.13.7 Cilium versions prior to 1.12.14 Description: In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility...
CVE-2023-40029
Argo CD is a declarative continuous deployment tool for Kubernetes. Argo CD cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the kubectl.kubernetes.io/last-applied-configuration annotation. Pull request 7139 introduced the ability ...
Cross-Site Request Forgery (CSRF)
wallabag/wallabag is vulnerable to Cross-Site Request Forgery (CSRF). Through the use of a malicious GET request to the /reset/annotations, /reset/entries, /reset/tags, or /reset/archived endpoints, an attacker is able to arbitrarily reset annotations, entries, and tags...
Wallabag user can reset data unintentionally
Description wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability which allows attackers to arbitrarily reset annotations, entries and tags via a GET request to /reset/annotations, /reset/entries, /reset/tags, or /reset/archived. This vulnerability has a CVSSv3.1 score of 4.3. You...
PT-2023-26310 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a...
PT-2023-4413 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...