193 matches found

NVD
added 2024/07/25 10:15 a.m. · 28 views

CVE-2024-37084

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

9.8 CVSS · 0.83304 EPSS
Exploits: 4 · References: 1

Vulnrichment
added 2024/07/25 9:17 a.m. · 20 views

CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

9.8 CVSS · 7 AI score · 0.83304 EPSS
Exploits: 4 · References: 1

CVE
added 2024/07/25 9:17 a.m. · 124 views

CVE-2024-37084

In Spring Cloud Data Flow, versions prior to 2.11.4 (notably 2.11.0–2.11.3) are affected. A malicious user with access to the Skipper server API can send a crafted upload request to write an arbitrary file to any location on the file system, which could lead to remote code execution and full serv...

9.8 CVSS · 9.5 AI score · 0.83304 EPSS
Exploits: 4 · References: 1 · Affected Software: 1

Cvelist
added 2024/07/25 9:17 a.m. · 33 views

CVE-2024-37084: Remote code execution in Spring Cloud Data Flow

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

9.8 CVSS · 0.83304 EPSS
Exploits: 4 · References: 1

Positive Technologies
added 2024/07/25 12:0 a.m. · 8 views

PT-2024-7036 · Spring · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions prior to 2.11.4 Description: A malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to...

9.8 CVSS · 7.5 AI score · 0.83304 EPSS
Exploits: 4 · References: 42

Hive Pro Threat Advisories
added 2024/07/09 8:50 p.m. · 6 views

Critical OpenStack Vulnerability Exposes Cloud Data

...

7.3 AI score
Exploits: 0

CVE
added 2024/06/19 2:48 p.m. · 97 views

CVE-2024-22263

CVE-2024-22263 affects Spring Cloud Data Flow’s Skipper server, where improper sanitization of upload paths enables a malicious user with API access to write arbitrary files to the file system and potentially compromise the server. The vulnerability targets the upload mechanism (upload path handl...

8.8 CVSS · 8.8 AI score · 0.77749 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/06/19 2:48 p.m. · 28 views

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8 CVSS · 0.77749 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/06/19 2:48 p.m. · 27 views

CVE-2024-22263 Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

8.8 CVSS · 7 AI score · 0.77749 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/06/19 12:0 a.m. · 5 views

VMware Spring Cloud Data Flow Security Vulnerability

VMware Spring Cloud Data Flow is a codebase for streaming and batch processing of data in microservices from VMware, Inc. A security vulnerability exists in VMware Spring Cloud Data Flow that stems from improperly cleaned upload paths, which could allow an attacker to write arbitrary files to any...

8.8 CVSS · 7.1 AI score · 0.77749 EPSS
Exploits: 1 · References: 2

CISA
added 2024/06/03 12:0 p.m. · 5 views

Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access

On June 2, Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access. Users and administrators ar...

7.1 AI score
Exploits: 0 · References: 1

BDU FSTEC
added 2024/05/29 12:0 a.m. · 1 views

The vulnerability of the Cisco Nexus Dashboard, a platform for analytics and automation of cloud computing data centers, stems from inadequate access control mechanisms. This allows attackers to elevate their privileges to the root level.

The vulnerability of the Cisco Nexus Dashboard, a platform for analytics and automation of cloud computing data centers, is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to elevate their privileges to the root level...

6.2 CVSS · 5.5 AI score · 0.00052 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/23 12:0 a.m. · 6 views

PT-2024-4070 · Unknown · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow affected versions not specified Description: The issue is related to improper sanitization for upload paths in the Skipper server, allowing a malicious user with access to the server API to write arbitrary files to any...

8.8 CVSS · 7.1 AI score · 0.77749 EPSS
Exploits: 1 · References: 26

OSV
added 2024/03/06 11:5 a.m. · 13 views

BIT-SPRING-CLOUD-DATAFLOW-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...

7.2 CVSS · 7.4 AI score · 0.01047 EPSS
Exploits: 0 · References: 2

Spring Engineering
added 2024/01/16 12:0 a.m. · 20 views

This Week in Spring - January 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...

7.2 AI score
Exploits: 0

RedHat Linux
added 2023/12/14 6:9 a.m. · 35 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

7.5 CVSS · 6.4 AI score · 0.00058 EPSS
Exploits: 1 · References: 5

CNNVD
added 2023/11/22 12:0 a.m. · 3 views

Digital Guardian Agent Security Vulnerability

Digital Guardian Agent is a widely used data protection platform for cloud environments from US-based Digital Guardian. It discovers, categorizes and controls the movement of data across endpoints, networks and clouds. A security vulnerability exists in Fortra Digital Guardian Agent prior to version...

6 CVSS · 6.3 AI score · 0.00037 EPSS
Exploits: 2 · References: 5

BDU FSTEC
added 2023/10/25 12:0 a.m. · 1 views

The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, allows a hacker to cause a service failure.

The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, stems from the lack of preliminary checks by the server to verify the validity of email addresses when sending emails. Exploiting this vulnerability could allow an attack...

4.3 CVSS · 5.4 AI score · 0.00118 EPSS
Exploits: 1 · References: 5 · Affected Software: 2

HackRead
added 2023/10/18 7:5 p.m. · 14 views

Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data

By Deeba Ahmed. Qubitstrike malware uses Discord for C2 communications in a cryptojacking campaign targeting Jupyter Notebooks.

7 AI score
Exploits: 0

RedHat Linux
added 2023/09/27 2:22 p.m. · 55 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS ba...

9.8 CVSS · 6.9 AI score · 0.00289 EPSS
Exploits: 1 · References: 13