794 matches found
Etcd REST API Unauthorized Access Vulnerability
etcd is an open source distributed key-value store database. It provides a reliable way to store data across clusters of machines. By default it returns administrative credentials for queries without authentication. An unauthorized access vulnerability exists in the Etcd REST API. An attacker cou...
Etcd Keys API Information Gathering
This module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Etcd...
Etcd REST API Unauthorized Access Vulnerability
From an application security perspective, databases are the most valuable parts of our systems. They store the data that gives value to our apps and companies. This data, which has been entrusted to us by our users, should be kept safe and out of the hands of criminals. Every developer I talk to is...
CVE-2018-1085
OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to conne...
Path Traversal
github.com/kubernetes/kubernetes is vulnerable to path traversal attacks. The attacks are possible because it does not validate the names of all object types ObjectMeta in BeforeCreate before passing them to etcd to generate etcd key...
Moderate: Red Hat Security Advisory: atomic-openshift-utils security and bug fix update
An update for openshift-ansible and ansible is now available for OpenShift Container Platform 3.2 and 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Directory traversal
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd...
CVE-2015-5305
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd...
CVE-2015-5305
CVE-2015-5305 describes a directory traversal in Kubernetes as used by Red Hat OpenShift Enterprise 3.0. An attacker can write to arbitrary files by supplying a crafted object type name that is not properly validated before being passed to etcd. The vulnerability affects Kubernetes/OpenShift comp...
PT-2015-6842 · Red Hat +2 · Red Hat Openshift Enterprise +2
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to the fixed version; Red Hat OpenShift Enterprise version 3.0. Description: A directory traversal issue exists due to improper handling of crafted object type names before they are passed to etcd. This allows attacker...
Kubernetes: Missing name validation allows path traversal in etcd
Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal...
Moderate: Red Hat Security Advisory: kubernetes security update
Updated kubernetes packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...