Lucene search
+L

397 matches found

CNNVD
CNNVD
added 2022/04/08 12:0 a.m.8 views

编号撤回

Laravel, a web application framework from the Laravel Team Laravel, has a security vulnerability that stems from a vulnerability in 1 RoutingPendingResourceRegistration.php via destruct, 2 cal in QueueCapsuleManager.php and 3 the deserialization pop-up chain invoke in...

5.6AI score
Exploits2
Veracode
Veracode
added 2022/02/28 7:59 a.m.17 views

Privilege Escalation

github.com/clastix/capsule-proxy is vulnerable to privilege escalation. The vulnerability exists due to the malicious Connection header in the Kubernetes API Server allowing an unauthorized user to gain cluster-admin privileges...

8.8CVSS3.3AI score0.01397EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions = 1.0.4. Solution No patched version available...

4.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions = 1.0.4. Solution No patched version available...

3.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/23 9:17 p.m.33 views

Improper Authentication in Capsule Proxy

Impact Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches Patch has been merged in the v0.2.1 release. Workaround...

8.8CVSS2.9AI score0.01397EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/02/23 9:17 p.m.62 views

GHSA-9CWV-CPPX-MQJM Improper Authentication in Capsule Proxy

Impact Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches Patch has been merged in the v0.2.1 release. Workaround...

8.8CVSS8.8AI score0.01397EPSS
Exploits1References5
NVD
NVD
added 2022/02/22 8:15 p.m.27 views

CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS0.01397EPSS
Exploits1References3
Prion
Prion
added 2022/02/22 8:15 p.m.10 views

Design/Logic Flaw

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

6.5CVSS8.8AI score0.01397EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/22 7:55 p.m.6 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS8.9AI score0.01397EPSS
Exploits1References3
CVE
CVE
added 2022/02/22 7:55 p.m.735 views

CVE-2022-23652

Capsule-proxy (the reverse proxy for Capsule Operator) is affected. In versions prior to 0.2.1, an attacker with proper authentication can send a malicious Connection header to escalate privileges toward the Kubernetes API Server, exploiting the cluster-admin role bound to capsule-proxy. Multiple...

8.8CVSS8.8AI score0.01397EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/02/22 7:55 p.m.27 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS9.1AI score0.01397EPSS
Exploits1References3
OSV
OSV
added 2022/02/22 7:55 p.m.21 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS8.7AI score0.01397EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/02/22 12:0 a.m.2 views

PT-2022-2954 · Unknown · Capsule-Proxy

Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.2.1 Description: The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious Connectio...

9CVSS7.6AI score0.01397EPSS
Exploits1References11
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.4 views

capsule-proxy 授权问题漏洞

The capsule-proxy is designed to allow overcoming the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. A security vulnerability in capsule-proxy versions prior...

8.8CVSS7.8AI score0.01397EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/01/24 8:1 a.m.17 views

CVE-2021-25035 Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting

The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00887EPSS
Exploits2References2
CVE
CVE
added 2022/01/24 8:1 a.m.44 views

CVE-2021-25035

CVE-2021-25035 affects the WordPress plugin “Backup and Staging by WP Time Capsule” (versions before 1.22.7). The issue is caused by insufficient sanitization/escaping of the error parameter when it is output on an admin page, resulting in a reflected XSS. Several sources (NVD, CVE List, Red Hat,...

6.1CVSS6AI score0.00887EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the Backup and Staging by WP Time...

6.1CVSS5.7AI score0.00887EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2022/01/19 2:43 p.m.109 views

Moderate: Red Hat Security Advisory: Satellite 6.10.2 Async Bug Fix Update

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...

6.2CVSS6.7AI score0.01777EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/01/07 12:1 a.m.33 views

Incorrect Comparison in cvxopt

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

7.5CVSS5.5AI score0.01184EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/01/07 12:1 a.m.1 views

GHSA-8RH6-H94M-VJ54 Incorrect Comparison in cvxopt

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

8.7CVSS5.9AI score0.01184EPSS
Exploits1References7
Rows per page
Query Builder