192 matches found
GHSA-VWCH-G97W-HFG2 CubeFS leaks users key in logs
CubeFS was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher...
CubeFS leaks users key in logs
CubeFS was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher...
CubeFS leaks magic secret key when starting Blobstore access service
A vulnerability was found in CubeFS that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not ha...
GHSA-4248-P65P-HCRM Insecure random string generator used for sensitive data
CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates ne...
Insecure random string generator used for sensitive data
CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates ne...
CubeFS timing attack can leak user passwords
A vulnerability was found during in the CubeFS master component that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the...
GHSA-8579-7P32-F398 CubeFS timing attack can leak user passwords
A vulnerability was found during in the CubeFS master component that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the...
GHSA-QC6V-G3XW-GRMX Authenticated users can crash the CubeFS servers with maliciously crafted requests
A security vulnerability was found in CubeFS HandlerNode that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to...
GHSA-99JV-8292-2HPM eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
GHSA-V7HC-87JC-QRRR eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
[SECURITY] Fedora 39 Update: nats-server-2.10.5-1.fc39
A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation CNCF...
Fedora: Security Advisory for nats-server (FEDORA-2023-66966ae3d0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for nats-server (FEDORA-2023-3a895ff65c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-QMVJ-4QR9-V547 Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Summary A vulnerability was fond in Knative Serving that could allow an attacker to crash the Knative Serving autoscaler resulting in a denial of service. The attacker would need to have compromised one pod in the Knative Serving deployment, and with that position they could launch the attack...
GHSA-3HFQ-CX9J-923W Attacker can cause Kyverno user to unintentionally consume insecure image
An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno fetch their images from. The attacker could then return a vulnerable image to the the user and leverage th...
Attacker can cause Kyverno user to unintentionally consume insecure image
An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno fetch their images from. The attacker could then return a vulnerable image to the the user and leverage th...
Fedora 39 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-6b89bc0305)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6b89bc0305 advisory. Contains updates to address CVE-2022-28357,41717 and also NATS: 2023-01 nats-server: Adding accounts for just the system account adds auth bypass Tenable has...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2019:3403)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3403 advisory. - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift...