233 matches found

Packet Storm
added 2021/01/05 12:0 a.m., 232 views

Fluentd TD-agent 4.0.1 Insecure Folder Permission

Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Date: 21.12.2020 Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...

6.9 CVSS, 7.2 AI score, 0.01171 EPSS
Exploits 4

NVD
added 2020/12/24 3:15 p.m., 26 views

CVE-2020-28169

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM...

7 CVSS, 8.4 AI score, 0.01171 EPSS
Exploits 4, References 8

OSV
added 2020/12/24 3:15 p.m., 3 views

CVE-2020-28169

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM...

7 CVSS, 7.1 AI score, 0.01171 EPSS
Exploits 4, References 8

Prion
added 2020/12/24 3:15 p.m., 16 views

Design/Logic Flaw

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM...

6.9 CVSS, 7 AI score, 0.01171 EPSS
Exploits 4, References 8, Affected Software 2

Cvelist
added 2020/12/24 2:36 p.m., 33 views

CVE-2020-28169

The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM...

7.2 AI score, 0.01171 EPSS
Exploits 4, References 8

CVE
added 2020/12/24 2:36 p.m., 130 views

CVE-2020-28169

CVE-2020-28169 refers to the Fluentd td-agent-builder plugin vulnerability prior to 2020-12-18, where the bin directory is writable by a user and a file in bin can be executed with NT AUTHORITY\SYSTEM privileges, enabling local privilege escalation. Public exploit material and disclosures (e.g., ...

7 CVSS, 7 AI score, 0.01171 EPSS
Exploits 4, References 8, Affected Software 1

RedHat Linux
added 2020/04/02 4:33 p.m., 114 views

Low: Red Hat Security Advisory: Red Hat Virtualization Engine security, bug fix 4.3.9

An update is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS, 6.7 AI score, 0.28839 EPSS
Exploits 1, References 12

Positive Technologies
added 2019/12/10 12:0 a.m., 5 views

PT-2019-6330 · Fluentd · Fluentd +1

Name of the Vulnerable Software and Affected Versions: Fluent Fluentd version 1.8.0 Fluent-ui version 1.2.2 Description: The issue is related to the use of a default password in Fluent Fluentd and its browser manager fluentd-ui, allowing attackers to gain escalated privileges and execute arbitrar...

9 CVSS, 8.9 AI score, 0.00786 EPSS
Exploits 1, References 13

Tenable Nessus
added 2019/08/22 12:0 a.m., 31 views

Rancher 2.0.x < 2.0.15 / 2.1.x < 2.1.10 / 2.2.x < 2.2.4 Command Injection

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable...

8.8 CVSS, 7.9 AI score, 0.02013 EPSS
Exploits 0, References 5

RedHat Linux
added 2019/08/15 1:30 p.m., 25 views

Moderate: Red Hat Security Advisory: ovirt-engine-metrics security, bug fix, and enhancement update

An update for ovirt-engine-metrics is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

5.9 CVSS, 6.2 AI score, 0.00345 EPSS
Exploits 0, References 6

NVD
added 2019/06/06 4:29 p.m., 13 views

CVE-2019-12303

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

8.8 CVSS, 8.9 AI score, 0.02013 EPSS
Exploits 0, References 2

OSV
added 2019/06/06 4:29 p.m., 23 views

CVE-2019-12303

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

8.8 CVSS, 8.9 AI score, 0.02013 EPSS
Exploits 0, References 2

Prion
added 2019/06/06 4:29 p.m., 17 views

Design/Logic Flaw

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

6.5 CVSS, 8.9 AI score, 0.02013 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/06/06 3:2 p.m., 39 views

CVE-2019-12303

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

8.9 AI score, 0.02013 EPSS
Exploits 0, References 2

Positive Technologies
added 2019/06/06 12:0 a.m., 4 views

PT-2019-12727 · Rancher · Rancher

Name of the Vulnerable Software and Affected Versions: Rancher versions 1 through 2.2.3 Rancher versions 2 through 2.2.3 Description: The issue allows unprivileged users to gain admin access to the Rancher management plane by posting sensitive data to the cloud. This can be achieved by exploiting...

8.8 CVSS, 9.4 AI score, 0.02013 EPSS
Exploits 0, References 13

Veracode
added 2019/05/02 5:51 a.m., 18 views

Arbitrary Code Execution

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...

8.8 CVSS, 8.7 AI score, 0.01608 EPSS
Exploits 0, References 18, Affected Software 10

Veracode
added 2019/05/02 5:51 a.m., 17 views

Information Disclosure

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...

7.5 CVSS, 7.5 AI score, 0.01608 EPSS
Exploits 0, References 18, Affected Software 10

Veracode
added 2019/05/02 5:51 a.m., 19 views

Authorization Bypass

Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...

5.3 CVSS, 5.6 AI score, 0.01608 EPSS
Exploits 0, References 17, Affected Software 10

IBM Security Bulletins
added 2019/02/12 6:5 p.m., 36 views

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - fluentd

Summary IBM Cloud Private fluentd component is vulnerable to multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-16396 DESCRIPTION: Ruby could allow a remote attacker to bypass security restrictions, caused by the failure to properly check security controls. By sending a...

10 CVSS, 0.8 AI score, 0.49268 EPSS
Exploits 4, Affected Software 1

Veracode
added 2019/01/15 9:24 a.m., 21 views

Escape Sequence Injection

Fluentd is vulnerable to escape sequence injection attacks. User input is pushed directly to the logs without filtering, allowing an attacker to change the terminal UI or execute commands on the device parsing the logs...

9.8 CVSS, 9.6 AI score, 0.04581 EPSS
Exploits 0, References 5, Affected Software 1