2315 matches found

CVE
added 2023/02/22 12:0 a.m. | 49 views

CVE-2022-2883

In Octopus Deploy, a vulnerability exists where a zipbomb file can be uploaded as a task, leading to Denial of Service. The impact is a HIGH severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) with network attack vector and no user interaction. The available sources (NVD, Red Hat advisory, C...

7.5 CVSS | 7.4 AI score | 0.01013 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2023/02/22 12:0 a.m. | 6 views

CVE-2022-2883

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...

7.5 AI score | 0.01013 EPSS
Exploits 0 | References 1
Cvelist
added 2023/02/22 12:0 a.m. | 23 views

CVE-2022-2883

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service...

7.7 AI score | 0.01013 EPSS
Exploits 0 | References 1
Snyk
added 2023/02/21 8:17 a.m. | 2 views

Malicious Package

Overview pino-deploy is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS | 7.1 AI score
Exploits 0 | References 3
CNNVD
added 2023/02/21 12:0 a.m. | 5 views

Octopus Deploy code issue vulnerability

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from the possibility of uploading a zipbomb file as a task resulting in a denial of service...

7.5 CVSS | 7.3 AI score | 0.01013 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:20 a.m. | 2 views

SUSE CVE-2015-3010

ceph-deploy before 1.5.23 uses weak permissions 644 for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

2.1 CVSS | 6.2 AI score | 0.00376 EPSS
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 5:18 a.m. | 3 views

SUSE CVE-2015-4053

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

2.1 CVSS | 6.4 AI score | 0.00383 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 4:35 a.m. | 5 views

SUSE CVE-2017-1000113

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...

5.5 CVSS | 6.6 AI score | 0.00374 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:10 a.m. | 4 views

SUSE CVE-2019-13509

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

5.5 CVSS | 6.9 AI score | 0.03653 EPSS
Exploits 0 | References 9
IBM Security Bulletins
added 2023/01/31 4:20 p.m. | 35 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting ( CVE-2022-46771 )

Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

4.6 CVSS | 4.6 AI score | 0.00371 EPSS
Exploits 0 | Affected Software 1
NVD
added 2023/01/26 9:15 p.m. | 15 views

CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS | 6.5 AI score | 0.00725 EPSS
Exploits 1 | References 2
UbuntuCve
added 2023/01/26 9:15 p.m. | 33 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5 CVSS | 6.1 AI score | 0.0089 EPSS
Exploits 0 | References 1
UbuntuCve
added 2023/01/26 9:15 p.m. | 23 views

CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS | 6.5 AI score | 0.00725 EPSS
Exploits 1 | References 1
Prion
added 2023/01/26 9:15 p.m. | 16 views

Authentication flaw

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

4 CVSS | 6.4 AI score | 0.00725 EPSS
Exploits 1 | References 2 | Affected Software 1
Prion
added 2023/01/26 9:15 p.m. | 31 views

Authorization

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

3.3 CVSS | 5 AI score | 0.0089 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/01/26 9:15 p.m. | 1 views

UBUNTU-CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS | 5.8 AI score | 0.00725 EPSS
Exploits 1 | References 2
OSV
added 2023/01/26 9:15 p.m. | 1 views

UBUNTU-CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5 CVSS | 5.7 AI score | 0.0089 EPSS
Exploits 0 | References 2
Positive Technologies
added 2023/01/25 12:0 a.m. | 5 views

PT-2023-1338

Name of the Vulnerable Software and Affected Versions Argo CD versions 2.5.0-rc1 through 2.5.7 Argo CD version 2.6.0-rc4 Description The issue is related to an authorization bypass bug in Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. This bug allows a malicious Argo CD...

8.5 CVSS | 8.6 AI score | 0.0078 EPSS
Exploits 0 | References 10
Vulnrichment
added 2023/01/24 12:0 a.m. | 7 views

CVE-2022-3820

An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a...

6.5 CVSS | 7 AI score | 0.00725 EPSS
Exploits 1 | References 2
CVE
added 2023/01/24 12:0 a.m. | 85 views

CVE-2022-3820

CVE-2022-3820 affects GitLab versions 15.4 up to 15.4.3 and 15.5 up to 15.5.1, where GitLab did not perform correct authentication with certain Package Registries when IP address restrictions were configured. This allowed an attacker who already possessed a valid Deploy Token to misuse it from an...

6.5 CVSS | 6.1 AI score | 0.00725 EPSS
Exploits 1 | References 2 | Affected Software 1