44 matches found

OSSF Malicious Packages
added 2023/02/02 8:5 p.m., 3 views

Malicious code in cloud-functions-apply-gce-sizing-recommendations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff71f573ab0c75770c1eb1201e5e39139353eacb5afd6db5270d684e0bee416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSV
added 2023/02/02 8:5 p.m., 4 views

MAL-2023-185 Malicious code in cloud-functions-apply-gce-sizing-recommendations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff71f573ab0c75770c1eb1201e5e39139353eacb5afd6db5270d684e0bee416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

Hacker One
added 2023/01/22 12:39 a.m., 17 views

Kubernetes: Privilege Escalation in kOps using GCE/GCP Provider

A privilege escalation vulnerability was discovered in kOps when using the GCE/GCP provider. An attacker with shell access to a pod could escalate their privileges to cluster admin by accessing the service account credentials and sensitive information stored in the state storage bucket. This...

AI score: 7
Exploits: 0

Github Security Blog
added 2022/05/24 5:1 p.m., 29 views

Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents...

CVSS: 5.9, AI score: 2, EPSS: 0.00045
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2021/04/28 12:0 a.m., 8 views

Unspecified Vulnerability in HashiCorp Terraform

HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp, USA. A security vulnerability exists in HashiCorp Terraform versions prior to 2.19.1 that stems from a failure to properly configure the GCE type binding tag for Vault's GCP...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00607
Exploits: 1, References: 1

Veracode
added 2021/04/23 1:33 a.m., 19 views

Authorization Bypass

github.com/hashicorp/terraform-provider-vault is vulnerable to authorization bypass. The insecure configuration in GCE-type bound labels for GCP auth method could allow for an attacker to bypass authorization and access otherwise restricted actions...

CVSS: 9.8, AI score: 4.3, EPSS: 0.00607
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2021/04/22 4:23 p.m., 12 views

CVE-2021-30476

HashiCorp Terraform’s Vault Provider terraform-provider-vault did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1...

AI score: 9.7, EPSS: 0.00607
Exploits: 1, References: 2

IBM Security Bulletins
added 2021/03/11 5:50 a.m., 19 views

Security Bulletin: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management

Summary: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management 2.2.0 and previous versions. Vulnerability Details: CVEID: CVE-2020-16250 DESCRIPTION: HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, cause...

CVSS: 8.2, AI score: 0.9, EPSS: 0.02214
Exploits: 0, Affected Software: 1

Cvelist
added 2021/02/01 2:40 p.m., 15 views

CVE-2021-21266 XXE vulnerability in OpenHAB

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1, the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

CVSS: 6.4, AI score: 6.8, EPSS: 0.00361
Exploits: 0, References: 4

Cent OS
added 2020/11/18 5:43 p.m., 151 views

fence security update

CentOS Errata and Security Advisory CESA-2020:5003. An update for fence-agents is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS: 6.8, AI score: 6.7, EPSS: 0.03277
Exploits: 0, References: 7

GoogleProjectZero
added 2020/10/01 12:0 a.m., 26 views

Announcing the Fuzzilli Research Grant Program

Posted by Samuel Groß, Project Zero. Project Zero’s mission is to make 0-day hard in order to improve end-user security. We attack this problem in different ways, including supporting other security researchers. While Google currently offers research grants, they are limited to academics and those...

AI score: 7.2
Exploits: 0

Veracode
added 2020/09/21 6:39 a.m., 15 views

Privilege Escalation

gce-compute-image is vulnerable to privilege escalation. The vulnerability allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Usin...

CVSS: 7.3, AI score: 2.6, EPSS: 0.00092
Exploits: 1, References: 5, Affected Software: 3

OSV
added 2020/08/26 3:15 p.m., 13 views

CVE-2020-16251

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

CVSS: 8.2, AI score: 6.8
Exploits: 0, References: 3

Cvelist
added 2020/08/26 2:19 p.m., 27 views

CVE-2020-16251

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

AI score: 8.2, EPSS: 0.00866
Exploits: 0, References: 3

AlpineLinux
added 2020/08/26 2:19 p.m., 31 views

CVE-2020-16251

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

CVSS: 8.2, AI score: 8.3, EPSS: 0.00866
Exploits: 0

CVE
added 2020/08/26 2:19 p.m., 162 views

CVE-2020-16251

CVE-2020-16251 affects HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer when configured with the GCP GCE auth method. The issue allows authentication bypass due to a flaw in the GCP authentication flow. Fixed in Vault/Vault Enterprise releases 1.2.5, 1.3.8, 1.4.4, and 1.5.1. The avai...

CVSS: 8.2, AI score: 8, EPSS: 0.00866
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2020/06/22 2:15 p.m., 12 views

CVE-2020-8903

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from th...

CVSS: 7.8, AI score: 6.5
Exploits: 0, References: 5

UbuntuCve
added 2020/06/22 2:15 p.m., 18 views

CVE-2020-8903

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from th...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00092
Exploits: 1, References: 4

Debian CVE
added 2020/06/22 1:45 p.m., 18 views

CVE-2020-8903

Removed by vendor...

CVSS: 7.8, AI score: 7.6, EPSS: 0.00092
Exploits: 1

Cvelist
added 2019/11/21 2:11 p.m., 16 views

CVE-2019-16546

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...

AI score: 5.6, EPSS: 0.00045
Exploits: 0, References: 2