9 matches found
Elastic Elasticsearch 安全漏洞
Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A security vulnerability exists in Elastic Elasticsearch that stems from the insertion of sensitive information into log files when auditing requests under certain conditions, which could lead to...
EUVD-2024-3351
Malicious code in bioql PyPI...
Vault Denial of Service Though Complex JSON Payloads
Summary A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to becom...
CVE-2024-52282
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing lo...
CVE-2024-52282 Rancher Helm Applications may have sensitive values leaked
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing lo...
CVE-2024-52282 Rancher Helm Applications may have sensitive values leaked
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing lo...
CVE-2024-52282
CVE-2024-52282 describes an information-disclosure in Rancher Helm Applications: unauthenticated GET access to the Rancher Manager Apps Catalog can read sensitive values and auditing data when audit level >= 2. Affected: Rancher 2.8.0–2.8.9 and 2.9.0–2.9.3. Remediation: upgrade to Rancher 2.8....
CVE-2024-52282 Rancher Helm Applications may have sensitive values leaked
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps’ values. Additionally, the same information leaks into auditing lo...
PT-2024-35150 · Rancher · Rancher Manager
Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to 2.8.10 Rancher Manager versions prior to 2.9.5 Description: A vulnerability has been identified in Rancher Manager where applications installed via the Apps Catalog store their Helm values directly into the...