10 matches found
EUVD-2017-3770
Malware in sbrugna...
CVE-2019-3789
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
CVE-2019-3789 Gorouter allows space developer to hijack route services hosted outside the platform
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
Authentication Bypass
openshift elasticsearch is vulnerable to authentication bypass. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an extern...
CVE-2017-12195
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the...
Design/Logic Flaw
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the...
CVE-2017-12195
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the...
PT-2018-5382 · Red Hat · Openshift Enterprise
Name of the Vulnerable Software and Affected Versions: Openshift Enterprise versions affected versions not specified Description: A flaw was found in Openshift Enterprise that allows an attacker to bypass authentication and access Elasticsearch without a token, given they have knowledge of the na...
3: authentication bypass for elasticsearch with external routes
An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices...
CVE-2017-12195
An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices...