1198 matches found
mongo-java-driver: client-side field level encryption not verifying KMS host name
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
GC2 - A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive
GC2 Google Command and Control is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive. Why This program has been developed in order to provide a command and control that does not require any...
Domain-Protect - Protect Against Subdomain Takeover
Protect Against Subdomain Takeover scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP deploy to security audit account scan your entire AWS Organization receive alerts by Slack ...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability exists due to the unexpected interaction between glob-related policies and the google cloud secrets engine, which allows an attacker with read permission to read all the rolesets and perform unauthorized actions...
Release Information for Veeam Backup for Google Cloud Platform v2 Patch 1
Requirements Before installing this patch, please confirm that you are running Veeam Backup for Google Cloud Platform v2 build 2.0.0.530. You can check your build number under Configuration | Support Information | About | Server version by clicking the gear icon at the top-right corner of the mai...
Incorrect Privilege Assignment in HashiCorp Vault
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
GHSA-362V-WG5P-64W2 Incorrect Privilege Assignment in HashiCorp Vault
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
CVE-2021-42135
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
CVE-2021-42135
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
Design/Logic Flaw
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
CVE-2021-42135
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
CVE-2021-42135
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...
CVE-2021-42135
CVE-2021-42135 affects HashiCorp Vault and Vault Enterprise 1.8.x–1.8.4, describing an unexpected interaction between glob-related policies and the Google Cloud secrets engine. The root cause is a policy-glob interaction that may grant more privileges than intended, e.g., a user with read access ...
Hashicorp HashiCorp Vault 安全漏洞
Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Vault andVault Enterprise versions 1.8.0 through 1.8.4, which stems from the possibility of unexpected interactions between the software's globally relevan...
PT-2021-23554 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.8.x through 1.8.4 Description: The issue is related to an unexpected interaction between glob-related policies and the Google Cloud secrets engine. This may result in users having more privilege...
Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards
Summary The Google Cloud secrets engine in Vault or Vault Enterprise “Vault” 1.8.0 and above may provide users, under specific conditions, with more privileges than in prior versions. Due to changes in the underlying functionality of the Google Cloud secrets engine, policies that use globs may...
Virtual Event: Google Cloud Next | October 12 – 14
Level-up your skills and uncover what’s next for cloud by registering for the virtual Google Cloud Next conference starting Oct. 12, 2021...
Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection
2021 has seen a lot of change. Billionaires now go where only governments and Red Bull gimmicks could go before. The 2020 Olympics didn’t take place in 2020. Tom Brady won his 7th Super Bowl for a completely new franchise those of you in the US get this reference. Similar change in application...
USN-5073-2: Linux kernel (GCP) vulnerabilities
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...
Black Hat: Novel DNS Hack Spills Confidential Corp Data
LAS VEGAS – Amazon and Google patched a domain name service DNS bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...