6 matches found
GoFiber Vulnerable to Username Enumeration via Timing Oracle in BasicAuth Default Authorizer
Summary The default Authorizer function in GoFiber's BasicAuth middleware uses short-circuit evaluation that skips password hash comparison for non-existent usernames. With bcrypt-hashed passwords the primary use case, the timing difference between a valid and invalid username is approximately...
Netmaker does not verify JWT signatures for host tokens
Netmaker by Gravitl is an open-source WireGuard-based networking platform for creating and managing virtual overlay networks. The VerifyHostToken function in logic/jwts.go does not validate the JWT signature when verifying host tokens. After calling jwt.ParseWithClaims, the function only checks...
openSUSE 15: golang-github-prometheus-promu / prometheus-blackbox_exporter / etc (SUSE-SU-2023:2182-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2182-1 advisory. prometheus-blackboxexporter: - Security issues fixed: CVE-2022-46146: Fix authentication bypass via cache poisoning bsc1208062 - Other non-security...
DEBIAN-CVE-2022-46146
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...
CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...
CVE-2017-15536
An issue was discovered in Cloudera Data Science Workbench CDSW 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...