10 matches found
EUVD-2024-3299
Malicious code in bioql PyPI...
CVE-2024-45794
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
SQL Injection
github.com/devtron-labs/devtron is vulnerable to SQL Injection. The vulnerability is due to insufficient sanitization of user inputs in the CreateUser API /orchestrator/user, allowing authenticated users with minimal permissions to execute malicious SQL queries...
GO-2024-3260 Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron
Devtron has SQL Injection in CreateUser API in github.com/devtron-labs/devtron...
CVE-2024-45794 SQL Injection in CreateUser API in devtron
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
CVE-2024-45794 SQL Injection in CreateUser API in devtron
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
CVE-2024-45794 SQL Injection in CreateUser API in devtron
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...
Devtron has SQL Injection in CreateUser API
Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...
GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API
Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...
VulnCheck KEV: CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...