GHSA-2GW6-73WC-X88F Apache Geode information disclosure vulnerability

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

PT-2022-10470 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: argocd affected versions not specified Description: A flaw was found in argocd, allowing any unprivileged user to deploy argocd in their namespace. With the created ServiceAccount argocd-argocd-server, the unprivileged user can read all...

CVE-2017-15138

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...

CVE-2017-15138

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...

Code injection

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...

CVE-2017-15138

OpenShift OpenShift Enterprise cluster-read can access webhook tokens, enabling an attacker with sufficient privileges to view confidential webhook tokens. The issue is an improper authorization flaw in the atomic-openshift component affecting OpenShift Container Platform (and Enterprise) where c...

CVE-2017-15138

The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens...