Lucene search
K

815 matches found

openvas
openvas
added 2018/03/27 12:0 a.m.10 views

etcd Detection (HTTP)

HTTP based detection of etcd. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.140887";...

7.4AI score
Exploits0References1
cnvd
cnvd
added 2018/03/26 12:0 a.m.4 views

Etcd REST API Unauthorized Access Vulnerability

etcd is an open source distributed key-value store database. It provides a reliable way to store data across clusters of machines. By default it returns administrative credentials for queries without authentication. An unauthorized access vulnerability exists in the Etcd REST API. An attacker cou...

6.8AI score
Exploits0References1
metasploit
metasploit
added 2018/03/25 5:54 p.m.27 views

Etcd Keys API Information Gathering

This module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Etcd...

0.6AI score
Exploits0
seebug
seebug
added 2018/03/25 12:0 a.m.429 views

Etcd REST API 未授权访问漏洞

From an application security perspective databases are the most valuable parts of our systems. They store the data that gives value to our apps and companies. This data which has been entrusted to us by our users should be kept safe and away of the hands of criminals. Every developer I talk to is...

6.8AI score
Exploits0
redhatcve
redhatcve
added 2018/03/23 3:18 a.m.29 views

CVE-2018-1085

OpenShift and Atomic Enterprise Ansible deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCDCLIENTCERTAUTH and ETCDPEERCLIENTCERTAUTH in etcd.conf result in etcd being configured to allow remote users to conne...

10CVSS8.9AI score0.02237EPSS
Exploits0References1
veracode
veracode
added 2017/04/28 2:45 a.m.31 views

Path Traversal

github.com/kubernetes/kubernetes is vulnerable to path traversal attacks. The attacks are possible because it does not validate the names of all object types ObjectMeta in BeforeCreate before passing them to etcd to generate etcd key...

6.4CVSS6AI score0.01812EPSS
Exploits0References6Affected Software1
redhat
redhat
added 2016/11/15 7:8 p.m.60 views

Moderate: Red Hat Security Advisory: atomic-openshift-utils security and bug fix update

An update for openshift-ansible and ansible is now available for OpenShift Container Platform 3.2 and 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.4AI score0.03253EPSS
Exploits0References14
nvd
nvd
added 2015/11/06 6:59 p.m.21 views

CVE-2015-5305

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd...

6.4CVSS6.4AI score0.01812EPSS
Exploits0References2
prion
prion
added 2015/11/06 6:59 p.m.21 views

Directory traversal

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd...

6.4CVSS6.9AI score0.01812EPSS
Exploits0References2Affected Software1
cve
cve
added 2015/11/06 6:0 p.m.74 views

CVE-2015-5305

CVE-2015-5305 describes a directory traversal in Kubernetes as used by Red Hat OpenShift Enterprise 3.0. An attacker can write to arbitrary files by supplying a crafted object type name that is not properly validated before being passed to etcd. The vulnerability affects Kubernetes/OpenShift comp...

6.4CVSS6.5AI score0.01812EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2015/11/06 6:0 p.m.36 views

CVE-2015-5305

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd...

6.4AI score0.01812EPSS
Exploits0References2
debiancve
debiancve
added 2015/11/06 6:0 p.m.47 views

CVE-2015-5305

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd...

6.4CVSS6.4AI score0.01812EPSS
Exploits0
ptsecurity
ptsecurity
added 2015/11/06 12:0 a.m.4 views

PT-2015-6842 · Red Hat +2 · Red Hat Openshift Enterprise +2

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to the fixed version Red Hat OpenShift Enterprise version 3.0 Description: A directory traversal issue exists due to improper handling of crafted object type names before they are passed to etcd. This allows attacker...

6.5CVSS6.4AI score0.01812EPSS
Exploits0References13
redhat
redhat
added 2015/10/27 6:41 p.m.43 views

Moderate: Red Hat Security Advisory: kubernetes security update

Updated kubernetes packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.4CVSS7.3AI score0.01812EPSS
Exploits0References2
redhat
redhat
added 2015/10/27 6:41 p.m.6 views

Kubernetes: Missing name validation allows path traversal in etcd

Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal...

6.4CVSS5.8AI score0.01812EPSS
Exploits0References4
Rows per page
Query Builder