24 matches found
EUVD-2021-24768
Malware in sbrugna...
EUVD-2021-19572
Malware in sbrugna...
EUVD-2021-19573
Malware in sbrugna...
Anonymous Authentication using Attribute-based Encryption
In today's digital age, personal data is constantly at risk of compromise. Attribute-Based Encryption (ABE) has emerged as a promising approach to privacy-preserving data protection. This paper proposes an anonymous authentication mechanism based on ABE, which allows users to authenticate without...
Policy As Code, Policy As Type
Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm. We demonstrate how even the most complex ABAC policies can be expressed as types in dependently typed languages suc...
CVE-2021-32835
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
Decentralized Multi-Authority Attribute-Based Inner-Product Functional Encryption: Noisy and Evasive Constructions from Lattices
We study multi-authority attribute-based functional encryption for noisy inner-product functionality, and propose two new primitives: (1) multi-authority attribute-based noisy inner-product functional encryption (MA-ABNIPFE), which generalizes existing multi-authority attribute-based IPFE schemes by...
Multiparty Selective Disclosure Using Attribute-Based Encryption
This study proposes a mechanism for encrypting SD-JWT (Selective Disclosure JSON Web Token) Disclosures using Attribute-Based Encryption (ABE) to enable flexible access control on the basis of the Verifier's attributes. By integrating Ciphertext-Policy ABE (CP-ABE) into the existing SD-JWT framework, t...
Securing Immersive 360 Video Streams through Attribute-Based Selective Encryption
Delivering high-quality, secure 360° video content introduces unique challenges, primarily due to the high bitrates and interactive demands of immersive media. Traditional HTTPS-based methods, although widely used, face limitations in computational efficiency and scalability when securing these...
An Approach for Handling Missing Attribute Values in Attribute-Based Access Control Policy Mining
Attribute-Based Access Control (ABAC) enables highly expressive and flexible access decisions by considering a wide range of contextual attributes. ABAC policies use logical expressions that combine these attributes, allowing for precise and context-aware control. Algorithms that mine ABAC policies...
Identity Control Plane: the Unifying Layer for Zero Trust Infrastructure
This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials v...
Cross site scripting
The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and...
CVE-2022-1628
CVE-2022-1628 concerns the Simple SEO plugin for WordPress up to version 1.7.91, where an attribute-based stored cross-site scripting (XSS) flaw exists due to insufficient sanitization/escaping of the SEO social and standard title parameters. This can be exploited by authenticated users with Cont...
CVE-2021-32835
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...
CVE-2021-32834
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
Remote code execution
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...
Design/Logic Flaw
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
CVE-2021-32834 Arbitrary Groovy script evaluation in Eclipse Keti
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist...
Eclipse Keti security vulnerability
Eclipse Keti is an Eclipse Foundation service that uses Attribute Based Access Control (ABAC) to protect RESTful APIs. A security vulnerability exists in Eclipse Keti that stems from a sandbox escape vulnerability in Keti. Exploitation of the vulnerability could lead to remote code execution after...