19 matches found
GHSA-H9Q6-HC68-35RP vulnerabilities
Vulnerabilities for packages: flyte...
CVE-2026-32284 vulnerabilities
Vulnerabilities for packages: flyte...
MAL-2025-36031 Malicious code in test-mlw2-price-flyte (npm)
The package test-mlw2-price-flyte was found to contain malicious code...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: cluster-api-ipam-provider-in-cluster, kube-logging-operator, apache-exporter, yunikorn-k8shim, gosu-fips, esbuild, jaeger-operator, prometheus-stackdriver-exporter, boring-registry, elvish, doppler-kubernetes-operator, cloudnative-pg-fips, harbor-fips,...
CVE-2022-39273
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server without changing the default client ID hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
CVE-2023-41891
FlyteAdmin’s list endpoints are vulnerable to SQL injection in versions prior to 1.1.124, where a malicious user can send REST requests with custom SQL statements as list filters. The attacker must have access to the FlyteAdmin installation (typically behind VPN or authenticated access). A patch ...
GHSA-R847-6W6H-R8G4 Flyte Admin SQL Injection in List Filters
Impact: List endpoints on Flyte Admin have a SQL injection vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, which is typically behind either a VPN or authentication. References...
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress WP Cerber Security 9.0 and prior versions, which stems from incorrect validation of the value provided for the author parameter in the ~/cerber-load.php file. An attacker can exploit the vulnerability to launch a user enumeration attack.
FlyteAdmin is a control plane for Flyte open source, responsible for managing entities (tasks, workflows, launch plans) and managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...
Hardcoded credentials
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server without changing the default client ID hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
CVE-2022-39273
FlyteAdmin's CVE-2022-39273 describes a vulnerability in the default OAuth2 authorization server configuration. When ExternalAuthorizationServer is not specified, the default clientid hashes and a hardcoded hashed password in Flyte Admin (and propagated to the Propeller configmap in Helm charts) ...
GHSA-67X4-QR35-QVRM FlyteAdmin's Default OAuth Authorization Server secret must be rotated
Impact: Users who enable Flyte's default authorization server without changing the default client ID hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte...
CVE-2022-24856 Server-Side Request Forgery in FlyteConsole
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server...
Uber: Full read SSRF in flyte-poc-us-east4.uberinternal.com
Uber summary TBD. @shubs and I discovered an instance of Flyte Console on uberinternal.com. After auditing the open source code, we noticed an unauthenticated route for a “CORS proxy”. This was a classic server-side request forgery issue, allowing us to pass an arbitrary request to be performed b...