3 matches found
GHSA-5F5R-95PG-XRPM Beszel has an IDOR in hub API endpoints that read system ID from URL parameter
Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...
GHSA-PHWH-4F42-GWF3 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID
Summary The hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of...
Fedora 40 : kubernetes (2024-30f39c25ae)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-30f39c25ae advisory. Update to v1.29.7 for FC40. Resolves CVE-2024-5321: Incorrect permissions on Windows containers logs. Additional bug and regression fixes from upstream...