26 matches found

CVE
added 2024/11/07 5:42 p.m. · 92 views

CVE-2024-45794

Devtron (open source tool integration platform for Kubernetes) has a SQL Injection vulnerability in the CreateUser API (/orchestrator/user). An authenticated user with minimum permissions could exploit this to execute malicious SQL queries. The issue is addressed in version 0.7.2; upgrading is ad...

8.8 CVSS · 8.6 AI score · 0.00748 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/11/07 5:42 p.m. · 7 views

CVE-2024-45794 SQL Injection in CreateUser API in devtron

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...

8.3 CVSS · 7.8 AI score · 0.00748 EPSS
Exploits 1 · References 3
OSV
added 2024/11/07 5:14 p.m. · 13 views

GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API

Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...

8.7 CVSS · 8.6 AI score · 0.00748 EPSS
Exploits 1 · References 4
Github Security Blog
added 2024/11/07 5:14 p.m. · 26 views

Devtron has SQL Injection in CreateUser API

Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...

8.8 CVSS · 8.2 AI score · 0.00748 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/11/07 12:0 a.m. · 2 views

PT-2024-31775 · Devtron +1

Name of the Vulnerable Software and Affected Versions: Devtron versions prior to 0.7.2 Description: Devtron is an open source tool integration platform for Kubernetes. An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL...

8.8 CVSS · 6.9 AI score · 0.00748 EPSS
Exploits 2 · References 33
CNNVD
added 2024/11/07 12:0 a.m. · 3 views

Devtron SQL injection vulnerability

Devtron is a Kubernetes cloud-native tool integration platform open-sourced by Devtron. A SQL injection vulnerability exists in Devtron prior to version 0.7.2, which stems from an authenticated user being able to execute malicious SQL queries via the CreateUser interface...

8.8 CVSS · 7.6 AI score · 0.00748 EPSS
Exploits 1 · References 1