EUVD-2002-1080

Malware in sbrugna...

GHSA-28G7-896H-695V Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication

Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do n...

Signal Tests Upgraded Cryptography for Groups Function

Signal, the encrypted messaging platform, is planning to launch an upgraded secure group messaging and communities function. Signal’s groups are private, meaning that the service itself doesn’t keep a record of a user’s group memberships, group titles, group avatars or group attributes. But the w...

SCOUNIX_shadow_exploit.txt

Greetings, Any user may overwrite any file with group auth i.e. /etc/shadow, /etc/passwd using /etc/sysadm.d/bin/userOsa. Note that this will not change the permissions of the file or allow for the user to input a passwd entry string into these files, it will simply clobber the contents of the fi...