14 matches found
EUVD-2024-2627
Malicious code in bioql PyPI...
CVE-2024-45043
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
OpenTelemetry Collector < 0.108.0 Authentication Bypass
The OpenTelemetry Collector running on the remote host is prior to 0.108.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
GO-2024-3102 OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver...
Authentication Bypass
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver is vulnerable to unauthorized remote access. The vulnerability is due to improper enforcement of key requirements in the awsfirehosereceiver module, allowing unauthenticated requests even when a key is configur...
GHSA-PRF6-XJXH-P698 OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Summary OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key. OpenTelemetry Collector can be configured to receive CloudWatch metrics via an AWS Firehose Stream. Firehose sets the header X-Amz-Firehose-Access-Key with an...
CVE-2024-45043
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
CVE-2024-45043
CVE-2024-45043 – OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Affected component: OpenTelemetry Collector Contrib awsfirehosereceiver (alpha module). Issue: when configured to require an access key (X-Amz-Firehose-Access-Key), the receiver still accepts requests with no key...
CVE-2024-45043 OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
CVE-2024-45043 OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
CVE-2024-45043 OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...
Code injection
DISPUTED Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...