397 matches found
编号撤回
Laravel, a web application framework from the Laravel Team Laravel, has a security vulnerability that stems from a vulnerability in 1 RoutingPendingResourceRegistration.php via destruct, 2 cal in QueueCapsuleManager.php and 3 the deserialization pop-up chain invoke in...
Privilege Escalation
github.com/clastix/capsule-proxy is vulnerable to privilege escalation. The vulnerability exists due to the malicious Connection header in the Kubernetes API Server allowing an unauthorized user to gain cluster-admin privileges...
WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions = 1.0.4. Solution No patched version available...
WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions = 1.0.4. Solution No patched version available...
Improper Authentication in Capsule Proxy
Impact Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches Patch has been merged in the v0.2.1 release. Workaround...
GHSA-9CWV-CPPX-MQJM Improper Authentication in Capsule Proxy
Impact Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches Patch has been merged in the v0.2.1 release. Workaround...
CVE-2022-23652
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
Design/Logic Flaw
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
CVE-2022-23652
Capsule-proxy (the reverse proxy for Capsule Operator) is affected. In versions prior to 0.2.1, an attacker with proper authentication can send a malicious Connection header to escalate privileges toward the Kubernetes API Server, exploiting the cluster-admin role bound to capsule-proxy. Multiple...
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
PT-2022-2954 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.2.1 Description: The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious Connectio...
capsule-proxy 授权问题漏洞
The capsule-proxy is designed to allow overcoming the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. A security vulnerability in capsule-proxy versions prior...
CVE-2021-25035 Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-25035
CVE-2021-25035 affects the WordPress plugin “Backup and Staging by WP Time Capsule” (versions before 1.22.7). The issue is caused by insufficient sanitization/escaping of the error parameter when it is output on an admin page, resulting in a reflected XSS. Several sources (NVD, CVE List, Red Hat,...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Backup and Staging by WP Time...
Moderate: Red Hat Security Advisory: Satellite 6.10.2 Async Bug Fix Update
Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...
Incorrect Comparison in cvxopt
Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...
GHSA-8RH6-H94M-VJ54 Incorrect Comparison in cvxopt
Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...