57 matches found
Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...
EUVD-2021-1161
Malware in sbrugna...
EUVD-2021-1178
Malware in sbrugna...
CVE-2019-19030
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal via the HTTP status code whether a resource exists...
CVE-2019-19025
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform...
CVE-2019-19023
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform...
CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...
CVE-2023-27584
CVE-2023-27584 affects Dragonfly2, an open-source P2P file distribution system. The vulnerability is caused by a hard-coded JWT secret key, "Secret Key", which enables authentication bypass. An attacker can perform actions with admin privileges by crafting a valid JWT token, potentially accessing...
GO-2022-0883 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0876 Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0853 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
CVE-2019-25210
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was...
[SECURITY] Fedora 39 Update: nats-server-2.10.5-1.fc39
A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...
[SECURITY] Fedora 38 Update: nats-server-2.10.5-1.fc38
A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...
Fedora: Security Advisory for nats-server (FEDORA-2023-66966ae3d0)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Fedora: Security Advisory for nats-server (FEDORA-2023-3a895ff65c)
The remote host is missing an update for the...
Fedora: Security Advisory for nats-server (FEDORA-2023-6b89bc0305)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: nats-server-2.10.3-1.fc39
A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...
Fedora: Security Advisory for nats-server (FEDORA-2023-c33188f575)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: nats-server-2.10.3-1.fc38
A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF)...