10 matches found
GO-2025-3697 Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation in github.com/gardener/external-dns-management
Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation in github.com/gardener/external-dns-management...
Privilege Chaining
Overview Affected versions of this package are vulnerable to Privilege Chaining via the handling of DNS secrets. An attacker can escalate privileges by supplying malicious Google credentials. Note: Upgrading to 1.23.6 will fix the vulnerability in most cases, but not when the extension...
External DNS Management Input Validation Error Vulnerability
External DNS Management is a Gardener open source environment for managing external DNS entries for kubernetes clusters. An input validation error vulnerability exists in External DNS Management versions prior to 0.23.6, which stems from malicious Google credentials in DNS and could lead to...
PT-2025-1595 · WordPress · The Quiz Maker Developer +2
Name of the Vulnerable Software and Affected Versions: The Quiz Maker Business plugin for WordPress versions up to, and including, 8.8.0 The Quiz Maker Developer plugin for WordPress versions up to, and including, 21.8.0 The Quiz Maker Agency plugin for WordPress versions up to, and including,...
PT-2024-40052 · Unknown · Openrefine
Name of the Vulnerable Software and Affected Versions: OpenRefine version 3.8.2 Description: The issue concerns the exposure of Google API authentication keys, specifically the client id and client secret, within OpenRefine releases. These keys can be extracted from released artifacts, such as th...
New Windows Malware Locks Computer in Kiosk Mode
Clever: A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware "locks" the user's browser on Google's login page with no obviou...
GHSA-8QH4-FGHR-6FXG Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master...
‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials
“Hack-for-hire” organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials. Researchers with Google’s Threat Analysis Group (TAG) warned that they’ve spotted a...
CVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
Android Factory Reset Improper Sanitization Exposes Data
The churn of Android devices, whether older smartphones being traded in or sold online, makes device sanitization imperative. The native feature in the OS, however, may not be doing as thorough a job as advertised. A paper, “Security Analysis of Android Factory Resets” (PDF), published by Ross...