38 matches found

RedhatCVE
added 2026/01/09 9:13 a.m., 5 views

CVE-2022-31145

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...

CVSS 6.5 | AI score 6.5 | EPSS 0.00363
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-6408

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00363
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-2800

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00327
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2022-7035

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00268
Exploits 0 | References 7

RedhatCVE
added 2025/05/23 4:18 a.m., 4 views

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 8.8 | AI score 7.3 | EPSS 0.00327
Exploits 0

RedhatCVE
added 2025/05/22 10:9 p.m., 4 views

CVE-2022-39273

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

CVSS 7.5 | AI score 7 | EPSS 0.00268
Exploits 0 | References 1

NVD
added 2023/10/30 7:15 p.m., 8 views

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 8.8 | AI score 5.6 | EPSS 0.00327
Exploits 0 | References 3

Prion
added 2023/10/30 7:15 p.m., 10 views

Design/Logic Flaw

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 6.5 | AI score 8.8 | EPSS 0.00327
Exploits 0 | References 3 | Affected Software 1

OSV
added 2023/10/30 6:1 p.m., 13 views

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 3.5 | AI score 8.8 | EPSS 0.00327
Exploits 0 | References 5

Cvelist
added 2023/10/30 6:1 p.m., 18 views

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 3.5 | AI score 9.1 | EPSS 0.00327
Exploits 0 | References 3

CVE
added 2023/10/30 6:1 p.m., 73 views

CVE-2023-41891

FlyteAdmin’s list endpoints are vulnerable to SQL injection in versions prior to 1.1.124, where a malicious user can send REST requests with custom SQL statements as list filters. The attacker must have access to the FlyteAdmin installation (typically behind VPN or authenticated access). A patch ...

CVSS 8.8 | AI score 6.3 | EPSS 0.00327
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2023/10/30 6:1 p.m., 18 views

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 3.5 | AI score 7.6 | EPSS 0.00327
Exploits 0 | References 3

Veracode
added 2023/10/30 9:15 a.m., 16 views

SQL Injection

github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because the custom sql statements are not properly handled which allows an attacker to inject and execute arbitrary sql queries...

CVSS 8.8 | AI score 8.1 | EPSS 0.00327
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2023/10/30 12:0 a.m., 2 views

FlyteAdmin SQL Injection Vulnerability

FlyteAdmin is a control plane for Flyte open source. Responsible for managing entities tasks, workflows, startup plans and managing workflow execution. A SQL injection vulnerability exists in FlyteAdmin versions prior to 1.1.124, which stems from the presence of a SQL vulnerability that allows a...

CVSS 8.8 | AI score 7.8 | EPSS 0.00327
Exploits 0 | References 4

Positive Technologies
added 2023/10/27 12:0 a.m., 2 views

PT-2023-28148 · Unknown · Flyteadmin

Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.124 Description: The issue concerns a SQL vulnerability in list endpoints on FlyteAdmin, where a malicious user can send a REST request with custom SQL statements as list filters. This requires the attacker to...

CVSS 8.8 | AI score 8.6 | EPSS 0.00327
Exploits 0 | References 11

CNVD
added 2022/10/10 12:0 a.m., 19 views

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress WP Cerber Security 9.0 and prior versions, which stems from incorrect validation of the value provided for the author parameter in the ~/cerber-load.php file. An attacker can exploit the vulnerability to launch a user enumeration attack.

FlyteAdmin is a control plane for Flyte open source. Responsible for managing entities tasks, workflows, startup plans and managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...

CVSS 7.5 | AI score 6.2 | EPSS 0.00268
Exploits 0 | References 1

Veracode
added 2022/10/07 11:20 a.m., 18 views

Authorization Bypass

github.com/flyteorg/flyteadmin is vulnerable to authorization bypasses. The default configuration for FlyteAdmin allows access for Flyte Propeller even after turning on authentication via a hardcoded hashed password, which allows remote attackers to bypass authorization mechanism by effectively...

CVSS 7.5 | AI score 7.4 | EPSS 0.00268
Exploits 0 | References 7 | Affected Software 1

Veracode
added 2022/10/07 3:1 a.m., 13 views

Authentication Bypass

github.com/flyteorg/flyteadmin is vulnerable to authentication bypass. The vulnerability exists in config.go due to the use of hard-coded credentials without changing the default client id hashes, which allows an attacker to access for flyte propeller after turning on authentication via a...

CVSS 7.5 | AI score 3.3 | EPSS 0.00268
Exploits 0 | References 6 | Affected Software 1

NVD
added 2022/10/06 6:16 p.m., 9 views

CVE-2022-39273

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

CVSS 7.5 | EPSS 0.00268
Exploits 0 | References 3

Prion
added 2022/10/06 6:16 p.m., 11 views

Hardcoded credentials

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

CVSS 5 | AI score 7.6 | EPSS 0.00268
Exploits 0 | References 3 | Affected Software 1