CVE-2024-35199 TorchServe gRPC Port Exposure
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071 are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...
CVE-2024-35199
CVE-2024-35199 concerns TorchServe where two gRPC ports (7070, 7071) were bound to all interfaces by default, not localhost, potentially exposing the service. The issue affects TorchServe in affected versions; the root cause is incorrect binding configuration, enabling network exposure. The advis...
GHSA-HHPG-V63P-WP7W TorchServe gRPC Port Exposure
Impact: The two gRPC ports 7070 and 7071 are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. Patches: This issue in...
TorchServe gRPC Port Exposure
Impact: The two gRPC ports 7070 and 7071 are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. Patches: This issue in...
TorchServe vulnerable to bypass of allowed_urls configuration
Impact: TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as "..", and it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which...
How to Configure EKS Clusters to Use AWS IAM Users/Roles for Veeam Kasten for Kubernetes Access
Purpose: Follow this guide to provide appropriate Veeam Kasten for Kubernetes role-based access using AWS IAM users or roles. Solution Description: Veeam Kasten for Kubernetes integrates with whatever authentication mechanism customers use to access their Kubernetes clusters. Since EKS natively...
Sail Further with Wiz Cost Optimization for Amazon EKS
Learn how Wiz's latest feature identifies outdated EKS clusters, helping organizations save millions on cloud spend. Find out how to optimize costs and reinvest savings in strategic initiatives...
CVE-2024-31989
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
CVE-2024-31989
Argo CD (GitOps tool for Kubernetes) has a vulnerability where an unprivileged pod in a different namespace can reach the Redis server on port 6379, potentially leading to privilege escalation to the cluster controller or information leakage if Redis access is not restricted. The issue is mitigat...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries
Impact: If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registr...
GitLab 12.6 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13261)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code CVE-2020-13261 Note that Nessus has not...
Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
BIT-GITLAB-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
BIT-GITLAB-2020-13318
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, caddy, crossplane-provider-azure-managedidentity, fulcio, kube-bench, rabbitmq-messaging-topology-operator, kube-state-metrics, prometheus-beat-exporter-fips, metacontroller, external-secrets-fips, haproxy-ingress, cadvisor, sonobuoy, hubble-fip...
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver, datadog-agent, nuclei, caddy, kube-logging-logging-operator, pombump, newrelic-infrastructure-agent, docker-credential-gcr, http-echo, terraform-docs, scorecard, newrelic-infra-operator, kube-bench, logstash-exporter, runc, vexctl, ferretdb,...
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver, datadog-agent, nuclei, caddy, kube-logging-logging-operator, pombump, newrelic-infrastructure-agent, docker-credential-gcr, http-echo, terraform-docs, scorecard, newrelic-infra-operator, kube-bench, logstash-exporter, runc, vexctl, ferretdb,...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, sonobuoy, caddy, rqlite, yq, vt-cli, cni-plugins, yam, spark-operator, nri-f5, prometheus-alertmanager, gke-gcloud-auth-plugin, prometheus-pushgateway, kubewatch, fuse-overlayfs-snapshotter, datadog-agent, clusterctl,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, caddy, crossplane-provider-azure-managedidentity, fulcio, kube-bench, rabbitmq-messaging-topology-operator, kube-state-metrics, prometheus-beat-exporter-fips, metacontroller, external-secrets-fips, haproxy-ingress, cadvisor, sonobuoy, hubble-fip...