111 matches found
GHSA-PM3M-32R3-7MFH vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-J86V-2VJR-FG8F vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-WR2V-9RPQ-C35Q vulnerabilities
Vulnerabilities for packages: etcd-fips, dgraph, etcd...
GHSA-WR2V-9RPQ-C35Q vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-2XHQ-GV6C-P224 vulnerabilities
Vulnerabilities for packages: etcd-fips, dgraph, etcd...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: dgraph, falco, prometheus-blackbox-exporter, volume-modifier-for-k8s-fips, prometheus-adapter-fips, terraform-provider-sendgrid-fips, kiam, k3d, metrics-server-fips, aactl, kubernetes-csi-livenessprobe, timestamp-authority-fips, buildkitd, kubeflow-fips,...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubevela, buildkitd, spark-operator, terraform-provider-sendgrid, prometheus-blackbox-exporter, scorecard, up, k3d, aactl, kubeflow, kubescape, dgraph, cortex, src, slsa-verifier, falco...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: external-dns, dgraph, falco, nodetaint, prometheus-blackbox-exporter, prometheus-pushgateway-fips, bom, go, dex, flux, skaffold, terraform-provider-sendgrid-fips, kube-logging-logging-operator, k3d, prometheus-pushgateway, kube-state-metrics, kpt, cosign, hey, rqlite...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: minio, memcached-exporter, nats, kpt, rqlite, cortex, dex, cue, frp, pulumi-language-dotnet, src, ko, kubernetes-csi-livenessprobe, nri-prometheus, nginx-stable, gobuster, kaf, secrets-store-csi-driver-provider-gcp, kubeflow-katib, secrets-store-csi-driver, conftest,...
Information Disclosure
github.com/dgraph-io/dgraph is vulnerable to Information Disclosure. The vulnerability is due to a nonce collision which makes the audit logs susceptible to brute force attacks. The last 4 bytes of the nonce are determined from the length of the log line, which makes decrypting the log through...
CVE-2023-31135
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
Design/Logic Flaw
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
GHSA-92WQ-Q9PQ-GW47 Dgraph Audit Log Encryption Vulnerability
Impact: Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Patches: This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
Dgraph Audit Log Encryption Vulnerability
Impact: Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Patches: This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
CVE-2023-31135
CVE-2023-31135 affects Dgraph audit logs due to nonce collisions in the log encryption scheme. The first 12 bytes come from a baseIv, and the last 4 bytes from the log line length; because log lines often share the same length, nonces are reused. All audit logs generated by versions
CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
Dgraph Encryption Issue Vulnerability
Dgraph is an open source, horizontally scalable distributed GraphQL database with a graph backend. Dgraph versions before 23.0.0 have a cryptographic vulnerability that stems from a nonce collision; an attacker can use the vulnerability to mount a brute-force attack on the log...
PT-2023-23169 · Dgraph · Dgraph
Name of the Vulnerable Software and Affected Versions: Dgraph versions prior to v23.0.0 Description: Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is...