
2743 matches found

Github Security Blog
added 2023/05/16 6:30 p.m., 78 views

Jenkins HashiCorp Vault Plugin has improper masking of credentials

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...

CVSS 7.5, AI score 6.6, EPSS 0.00601
Exploits 0, References 3, Affected Software 1
OSV
added 2023/05/16 6:30 p.m., 33 views

GHSA-V3FV-V9M6-26G3 Jenkins HashiCorp Vault Plugin has improper masking of credentials

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...

CVSS 4.3, AI score 7.5, EPSS 0.00601
Exploits 0, References 2
Vulnrichment
added 2023/05/16 12:0 a.m., 9 views

CVE-2023-31678

Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended...

AI score 7, EPSS 0.00582
Exploits 1, References 1
Brave Browser
added 2023/05/09 9:28 a.m., 11 views

Brave Android 1.51.114 Security Fixes

Fixed Brave Wallet binding issue as reported on HackerOne by nick0ve. Upgraded Chromium to 113.0.5672.92 — refer to Google Chrome advisories for inherited CVEs...

AI score 5.8
Exploits 0, References 2, Affected Software 1
NVD
added 2023/05/09 2:15 a.m., 22 views

CVE-2023-29092

An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface...

CVSS 7.8, AI score 4.9, EPSS 0.00218
Exploits 0, References 1
Vulnrichment
added 2023/05/09 12:0 a.m., 9 views

CVE-2023-29092

An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface...

CVSS 3.1, AI score 7.6, EPSS 0.00218
Exploits 0, References 1
CVE
added 2023/05/09 12:0 a.m., 89 views

CVE-2023-29092

CVE-2023-29092 affects Exynos Mobile Processor and Modem series (Exynos Modem 5123, 5300; Exynos 980; Exynos 1080). The vulnerability arises from improper handling of parameters during binding of a network interface, which can cause binding to a wrong resource. Documented impact indicates potenti...

CVSS 7.8, AI score 7.5, EPSS 0.00218
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2023/05/09 12:0 a.m., 5 views

PT-2023-22140 · Samsung · Exynos Modem 5123 +3

Name of the Vulnerable Software and Affected Versions: Exynos Mobile Processor and Modem versions for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080 Description: An issue was discovered due to improper handling of parameters while binding a network interface, which can cause...

CVSS 7.8, AI score 7.4, EPSS 0.00218
Exploits 0, References 2
CNNVD
added 2023/05/07 12:0 a.m., 5 views

wfc-pkt-router security vulnerability

wfc-pkt-router is a software application. A security vulnerability exists in wfc-pkt-router that stems from the ability to incorrectly bind to an external network interface instead of a VPN tunnel...

CVSS 7.8, AI score 7.3, EPSS 0.00218
Exploits 0, References 4
CISA
added 2023/05/01 12:0 p.m., 9 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability; CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability; CVE-2023-21839 Oracle...

CVSS 9, AI score 7.5, EPSS 0.99999
In wild, Exploits 56, References 8
Prion
added 2023/04/28 7:15 p.m., 21 views

Design/Logic Flaw

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications...

CVSS 5, AI score 8.1, EPSS 0.01812
Exploits 0, References 2, Affected Software 10
CVE
added 2023/04/28 6:9 p.m., 94 views

CVE-2023-1968

Illumina UCS (Universal Copy Service) CVE-2023-1968 affects Illumina instruments using UCS v2.x. Vulnerability arises from binding to an unrestricted IP address, allowing an unauthenticated attacker to listen on all IPs and potentially eavesdrop on network traffic and remotely transmit commands. ...

CVSS 10, AI score 8.2, EPSS 0.01812
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2023/04/27 12:0 a.m., 4 views

PT-2023-2564 · Illumina · Illumina Universal Copy Service

Name of the Vulnerable Software and Affected Versions: Illumina Universal Copy Service versions 2.x Description: The issue is related to the binding of Illumina Universal Copy Service to an unrestricted IP address, allowing an unauthenticated malicious actor to use the service to listen on all IP...

CVSS 10, AI score 8.1, EPSS 0.01812
Exploits 0, References 7
OSV
added 2023/04/24 9:15 p.m., 3 views

CVE-2023-2250

A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

CVSS 6.7, AI score 6.6, EPSS 0.00204
Exploits 0, References 1
Prion
added 2023/04/24 4:15 p.m., 19 views

Privilege escalation

Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called cluster-hub inside the clusternet-syste...

CVSS 4.3, AI score 8.7, EPSS 0.00193
Exploits 0, References 2, Affected Software 1
CNNVD
added 2023/04/24 12:0 a.m., 4 views

Open Cluster Management security vulnerability

Open Cluster Management is a community-driven open source project focused on multi-cluster and multi-cloud scenarios for Kubernetes applications. Open Cluster Management has a security vulnerability that can be exploited by an attacker to bind cluster-admin to any...

CVSS 6.7, AI score 6.5, EPSS 0.00204
Exploits 0, References 2
Positive Technologies
added 2023/04/24 12:0 a.m., 5 views

PT-2023-18550 · Unknown · Open Cluster Management

Name of the Vulnerable Software and Affected Versions: Open Cluster Management OCM affected versions not specified Description: A flaw was found in the Open Cluster Management OCM when a user has access to the worker nodes with the cluster-manager-registration-controller or cluster-manager...

CVSS 6.7, AI score 6.4, EPSS 0.00204
Exploits 0, References 4
The Hacker News
added 2023/04/21 1:26 p.m., 2 views

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm...

AI score 6.9
Exploits 0
Github Security Blog
added 2023/04/20 9:18 p.m., 44 views

Bypass of CSRF protection in the presence of predictable userInfo

Description: The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...

CVSS 6.5, AI score 6.3, EPSS 0.00331
Exploits 0, References 8, Affected Software 1
NVD
added 2023/04/20 6:15 p.m., 18 views

CVE-2023-27495

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...

CVSS 6.5, AI score 5.8, EPSS 0.00331
Exploits 0, References 3