11 matches found
EUVD-2024-25097
Malicious code in bioql PyPI...
CVE-2024-27905
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
CVE-2024-27905
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
CVE-2024-27905
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
Remote code execution
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
CVE-2024-27905 Apache Aurora: padding oracle can allow construction an authentication cookie
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
CVE-2024-27905 Apache Aurora: padding oracle can allow construction an authentication cookie
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
CVE-2024-27905
Apache Aurora is affected by a vulnerability described as an exposure of sensitive information to an unauthenticated actor, arising from an endpoint that exposes internals and can function as a padding oracle to craft a valid authentication cookie. The issue can potentially be combined with other...
PT-2024-2664 · Apache · Apache Aurora
Name of the Vulnerable Software and Affected Versions: Apache Aurora (affected versions not specified). Description: The issue is related to the exposure of sensitive information. An endpoint that exposes internals to unauthenticated users can be used as a "padding oracle", allowing an anonymous...
Apache Aurora Information Disclosure Vulnerability
Apache Aurora is a Mesos framework for long-running services and cron jobs from the Apache Foundation USA. An information disclosure vulnerability exists in Apache Aurora versions 0.5.0 and later, which originates from allowing an unauthorized attacker to obtain sensitive information...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
This repository is an open-source project called "Attack-Defense ThinkTank" openKylin, which is a community-driven platform for sharing knowledge and research on attack and defense techniques. The project is hosted on Gitee, a Chinese version of GitHub. The repository contains various articles an...