CVE-2024-45807
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...
CVE-2024-45807
CVE-2024-45807 affects Envoy 1.31.x where the default HTTP/2 codec is the oghttp implementation. The issue stems from bugs in stream management within oghttp2, which can cause Envoy to crash. A fix is available: upgrade to 1.31.2 (addressed in multiple advisories). Workarounds include disabling o...
CVE-2023-27584
CVE-2023-27584 affects Dragonfly2, an open-source P2P file distribution system. The vulnerability is caused by a hard-coded JWT secret key, "Secret Key", which enables authentication bypass. An attacker can perform actions with admin privileges by crafting a valid JWT token, potentially accessing...
CVE-2024-45410
Traefik is a Golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For an HTTP client, it should not be possible to remove or modif...
IBM Concert Information Disclosure Vulnerability
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. A security vulnerability exists in IBM Concert version 1.0 that stems from not setting a security attribute on an authorization token or session cookie...
Introducing Wiz Code: transform your AppSec with Wiz
Cloud-native security starts with your code...
CVE-2024-34158 vulnerabilities
Vulnerabilities for packages: gitsign, logstash-exporter, cilium-fips, swagger, logstash-exporter-fips, haproxy-ingress, prometheus-adapter-fips, aws-flb-cloudwatch-fips, crossplane-provider-aws-route53, prometheus-statsd-exporter, cloudnative-pg-fips, grpcurl, eck-operator, flux-helm-controller,...
CVE-2024-45054
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-45054 Potential Permission Leakage of Cluster Level in hwameistor
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has verbs of resources. If a malicious user can access the worker node which has hwameistor's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster,...
CVE-2024-45054
CVE-2024-45054 affects Hwameistor's ClusterRole permissions, allowing a user with access to a worker node to abuse excessive privileges and achieve cluster-level privilege escalation. Multiple connected sources confirm the issue and point to a fix in Hwameistor v0.14.6. Impact is limited to misco...
GO-2022-0863 Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0883 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0876 Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0853 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
This Week in Spring - August 20th, 2024
Hi, Spring fans! Welcome to another installment in This Week in Spring! And happy week-before-SpringOne! I'm so excited I could spit! As you might imagine, AI, cloud native architecture, and so much more are top-of-mind. I love AI, and all its many applications. In that spirit, let's get ChatGPT ...
5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
As the cloud landscape continues to evolve, organizations face the growing challenge of securing their cloud-native applications. We feel the 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP) provides invaluable insights into the latest trends and technologies that...
New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers runni...
Our Takeaways From 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP): Insights and Market Evolution
Are your cloud-native applications and multi-cloud infrastructure adequately protected against evolving threats? How confident are you in your current security measures for cloud workloads and containerized environments? The recent Gartner Market Guide for Cloud-Native Application Protection...
Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...