Lucene search

617 matches found

CVE
added 2022/02/22 10:45 p.m. | 162 views

CVE-2021-43825

CVE-2021-43825 is a vulnerability in Envoy where a buffer overflow during response processing in the filter chain may cause a use-after-free, potentially crashing the process and causing a denial of service. The provided connected documents (OSV, RHSA/Nessus listings) describe the issue as a use-...

7.5 CVSS | 6.8 AI score | 0.00096 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/02/22 10:35 p.m. | 25 views

CVE-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised...

7.4 CVSS | 8 AI score | 0.0006 EPSS
Exploits 0 | References 4

Cvelist
added 2022/02/22 10:35 p.m. | 18 views

CVE-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised...

7.4 CVSS | 9.6 AI score | 0.0006 EPSS
Exploits 0 | References 2

Cvelist
added 2022/02/22 10:30 p.m. | 19 views

CVE-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...

6.8 CVSS | 7 AI score | 0.00039 EPSS
Exploits 0 | References 2

CVE
added 2022/02/22 10:20 p.m. | 153 views

CVE-2022-23606

CVE-2022-23606 affects Envoy. When a cluster is deleted via Cluster Discovery Service (CDS), idle connections to endpoints in that cluster are disconnected. A recursion was introduced in the disconnect procedure, which can lead to stack exhaustion and abnormal process termination when many idle c...

6.5 CVSS | 5.5 AI score | 0.00099 EPSS
Exploits 0 | References 2 | Affected Software 1

ThreatPost
added 2022/02/16 4:3 p.m. | 339 views

High-Severity RCE Bug Found in Popular Apache Cassandra Database

Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution (RCE). The bug, which involves how Cassandra creates...

9.1 CVSS | 9.3 AI score | 0.91007 EPSS
Exploits 7 | References 11

CNVD
added 2022/02/15 12:0 a.m. | 115 views

Apache Apisix Remote Code Execution Vulnerability

Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is based on OpenResty and etcd to realize dynamic routing and plug-in hot loading, and is suitable for API management in microservice systems. A remote code execution vulnerability...

9.8 CVSS | 9.7 AI score | 0.94439 EPSS
Exploits 16 | References 1

Trend Micro Simply Security
added 2022/02/09 12:0 a.m. | 15 views

What is a cloud native application protection platform (CNAPP)?

We explore CNAPP, the latest industry acronym coined by the Gartner report Innovation Insight for Cloud-Native Application Protection Platforms, and why devs need to know about it...

1.6 AI score
Exploits 0

Trend Micro Simply Security
added 2022/02/09 12:0 a.m. | 18 views

A Cloud Native Application Protection Platform Guide

In this article we explore CNAPP, the latest industry acronym coined by Gartner, and why devs need to know about it...

2.6 AI score
Exploits 0

Trend Micro Simply Security
added 2022/01/28 12:0 a.m. | 9 views

What is Cloud Native?

You’ve most likely heard the term “cloud native,” but what does it really mean? This article explores the five requirements of a true cloud native application...

1.4 AI score
Exploits 0

Trend Micro Simply Security
added 2022/01/27 12:0 a.m. | 12 views

How to detect Apache Log4j vulnerabilities

Explore how to detect Apache Log4j Log4Shell vulnerabilities using cloud-native security tools...

2.2 AI score
Exploits 0

CNVD
added 2021/12/28 12:0 a.m. | 33 views

Apache Apisix Licensing Issue Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. An authorization issue...

9.8 CVSS | 2.9 AI score | 0.93704 EPSS
Exploits 5 | References 1

Gitee
added 2021/12/02 3:59 p.m. | 23 views

Exploit for Race Condition in Canonical Ubuntu_Linux

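Resource repository for the book "Cloud Native Security: Attack and Defense Practice and System Construction". This repository provides supplementary material and the accompanying source code for the book, for interested readers to study and practice in depth. All content in this repository is for teaching and research use only; use for illegal purposes is strictly prohibited, and violators bear the consequences! Related links: Douban | JD.com | Dangdang. Supplementary reading material - 100 Introduction to Cloud Computing.pdf - 101 Code Security.pdf - 200 Container Technology.pdf - 201 Container Orchestration.pdf - 202 Microservices.pdf - 203 Service Mesh.pdf - 204 DevOps.pdf - CVE-2017-1002101: Breaking isolation to access the host filesystem.pdf -...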

10 CVSS | 7.5 AI score | 0.93929 EPSS
Exploits 126

CNVD
added 2021/11/24 12:0 a.m. | 19 views

Apache Ozone input validation error vulnerability

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...

6.5 CVSS | 1.9 AI score | 0.00201 EPSS
Exploits 0 | References 1

CNVD
added 2021/11/24 12:0 a.m. | 18 views

Apache Ozone Licensing Issue Vulnerability (CNVD-2021-91629)

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An authorization issue vulnerability exists in Apache Ozone, which stems from the product's failure to protect OM requests with valid privileges. An attacker could create a...

8.8 CVSS | 2.4 AI score | 0.00638 EPSS
Exploits 1 | References 1

CNVD
added 2021/11/24 12:0 a.m. | 20 views

Apache Ozone has an unspecified vulnerability (CNVD-2021-91624)

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that allows an attacker to retrieve token data from the database and use it...

9.8 CVSS | 4.5 AI score | 0.00345 EPSS
Exploits 0 | References 1

CNVD
added 2021/11/24 12:0 a.m. | 19 views

Apache Ozone has unspecified vulnerabilities

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. A security vulnerability exists in Apache Ozone version 1.2.0, which stems from the fact that certain administrator-related SCM commands can be executed by any authenticated user...

9.1 CVSS | 3.6 AI score | 0.00647 EPSS
Exploits 0 | References 1

Trend Micro Simply Security
added 2021/11/23 12:0 a.m. | 21 views

A Complete Guide to Cloud-Native Application Security

Explore this comprehensive guide to application security, which provides an overview of the importance of embedding runtime application security controls in the application build workflow to protect cloud-native web applications and APIs...

7 AI score
Exploits 0

Imperva Blog
added 2021/11/08 7:41 p.m. | 22 views

Best practices in WAF gateways to meet the demands of digital transformation

Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...

7.1 AI score
Exploits 0

Microsoft Malware Protection
added 2021/10/12 4:0 p.m. | 13 views

Azure network security helps reduce cost and risk according to Forrester TEI study

As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ...

7.2 AI score
Exploits 0