GHSA-PP3F-98QG-5G75 aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

CVE-2022-2385

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

CVE-2022-2385

aws-iam-authenticator (sigs.k8s.io/aws-iam-authenticator) contains CVE-2022-2385, where an allow-listed IAM identity may modify their username and escalate privileges. Technical details in connected docs indicate the issue relates to an AccessKeyID validation bypass in versions prior to v0.5.9. A...

PT-2022-16291 · Amazon +1 · Aws-Iam-Authenticator +1

Name of the Vulnerable Software and Affected Versions: aws-iam-authenticator versions prior to 0.5.9 Description: A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. Recommendations: For versions...

aws-iam-authenticator 安全漏洞

aws-iam-authenticator is a Kubernetes SIGs open source tool for authenticating to a Kubernetes cluster using AWS IAM credentials. A security vulnerability exists in Kubernetes SIGs aws-iam-authenticator that stems from a whitelisted IAM identity being able to modify its username and elevate...

WordPress plugin Google Authenticator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Google Authenticator plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...

WordPress Google Authenticator plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to Google Authenticator...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31052 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31052 Source advisory: OSV:GHSA-22P3-QRH9-CX32...

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

Cross site scripting

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

Cross site scripting

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

CVE-2022-1321

The CVE-2022-1321 entry concerns miniOrange’s Google Authenticator WordPress plugin, versions before 5.5.6. The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of certain settings, enabling an administrator to inject JavaScript that executes ...

CVE-2022-0875

The CVE-2022-0875 entry concerns the miniOrange Google Authenticator WordPress plugin before version 1.0.5. The vulnerability arises because the plugin does not perform CSRF checks when saving settings and fails to sanitise/escape input, enabling a logged-in administrator to modify settings and t...

WordPress plugin Google Authenticator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...